mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move the wolfSSL Configuration section higher in QUIC.md because it is the first step.

Browse Source
This commit is contained in:
Anthony Hu 2023-01-20 09:49:18 -05:00
parent cfe92aa330
commit 9be01633d1
1 changed files with 16 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
doc/QUIC.md
View File

@ -12,6 +12,22 @@ QUIC, on the other hand, is always protected by TLS. A QUIC implementation does
implementation of the TLS protocol, specifically TLSv1.3. It does this in new ways and TLS
implementations need to accommodate these. Those specifics have been added to wolfSSL.
## wolfSSL Configuration
QUIC support is enabled in the common autoconf style via:
```
> ./configure --enable-quic
```
this drags in some very basic features. To have everything necessary for a QUIC protocol implementation like ngtcp2, one would do:
```
./configure --enable-quic --enable-session-ticket --enable-earlydata --enable-psk
```
**Note**: for now, quic is not enabled via `--enable-all` and always needs to be specified.
## ngtcp2
One of the recommended QUIC implementations is [ngtpc2](https://github.com/ngtcp2/ngtcp2). It now
@ -43,24 +59,6 @@ The separation of QUIC's "crypto" parts from its other protocol enabling functio
Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementors happily make use of existing TLS libraries.
## wolfSSL Configuration
QUIC support is enabled in the common autoconf style via:
```
> ./configure --enable-quic
```
this drags in some very basic features. To have everything necessary for a QUIC protocol implementation like ngtcp2, one would do:
```
./configure --enable-quic --enable-session-ticket --enable-earlydata --enable-psk
```
**Note**: for now, quic is not enabled via `--enable-all` and always needs to be specified.
## wolfSSL API
The exposed API carries all methods that the [quictls/openssl](https://github.com/quictls/openssl) introduces. This seems to become the standard, since other *SLL libraries have picked those up or are about to. The methods are all in the `wolfSSL_` prefix. There are some additional methods, which are covered below.