Is there any reason we should keep support for #OpenSSL < v3 in #curl ?

curl.se/mail/lib-2025-08/0035.…

I nominate docs.openssl.org/3.3/man3/d2i_… as #OpenSSL's worst man page. And there's fierce competition for that award.

And in the end it does not even mention the weird behavior: it stores errors in an internal queue which mysteriously makes the *next* invoked function fail...

Would you say this is an accurate description of (some of the) #OpenSSL forks family tree?

(These are the OpenSSL forks #curl supports.)

"download time is reduced by ~13%" (for #curl)

... by adding some odd #OpenSSL functions we didn't know existed.

github.com/curl/curl/pull/1754…

openssl: enable readahead and increase read buffer size (improves download speed) by edwintorok · Pull Request #17548 · curl/curl

I ran strace on curl and noticed that it is doing a lot of very short reads, of exactly 5 bytes, followed by a larger read. strace Before recvfrom(4, "\27\3\3@\30", 5, 0, NULL, NULL) = 5 ...

^GitHub

Can distros ship #git that ends up using #OpenSSL (via libcurl)? This bug was filed against Debian:

bugs.debian.org/cgi-bin/bugrep…

It looks like the #OpenSSL QUIC API might be supported in the coming #ngtcp2 1.12.0 release:

github.com/ngtcp2/ngtcp2/pull/…

This could be exciting for #curl users building with #OpenSSL ...

Add libngtcp2_crypto_ossl, osslclient and osslserver by tatsuhiro-t · Pull Request #1582 · ngtcp2/ngtcp2

Add libngtcp2_crypto_ossl, osslclient and osslserver libngtcp2_crypto_ossl is an ngtcp2 crypto helper library for OpenSSL >= 3.5. If libngtcp2_crypto_ossl is used, an application must make sur...

^GitHub

I'll talk #http3 again this week and I made this new slide explaining the #OpenSSL #QUIC "journey"

Did I miss any major milestone I should add?

There was another #OpenSSL update: the QUIC API now offers 0-RTT support and they say this will be part of what ships in 3.5:

github.com/openssl/openssl/pul…

Added new API to enable 0-RTT for 3rd party QUIC stacks. by baoyi84930 · Pull Request #26842 · openssl/openssl

Added new API to enable 0-RTT for 3rd party QUIC stacks. Checklist documentation is added or updated tests are added or updated

^GitHub

Let me explain the #OpenSSL #QUIC API move and what it might mean. For #curl and for others.

daniel.haxx.se/blog/2025/02/16…

OpenSSL does a QUIC API

But will it satisfy the world? I have blogged several times in the past about how OpenSSL decided to not ship the API for QUIC a long time ago, even though the entire HTTP world was hoping for it - or even expecting it.

^{daniel.haxx.se}

I asked the #OpenSSL team about their new #QUIC API:

Out of curiosity: since you decided to provide a quite different API than what was once offered to you and what several QUIC stacks are already using. How did you come up with this API?

github.com/openssl/openssl/pul…

Add an API for other QUIC stacks to use our TLS implementation by mattcaswell · Pull Request #26683 · openssl/openssl

We provide some callbacks for third party QUIC stacks to use in order to be able to reuse the OpenSSL TLS implementation in that stack. This is essentially a thin wrapper around the same API that O...

^GitHub

Three years ago I blogged about #OpenSSL's decision to deliberately block #QUIC progress in the world: daniel.haxx.se/blog/2021/10/25…

Which is timely with the OpenSSL 3.4.0 release announced just days ago: that still does not offer a working (and performant) QUIC API. (yes, there is an attempt there but it's not production grade)

It's almost like the writing was on the wall already a long time ago.

Since #openssl does not seem to fix any of the remaining #QUIC API problems in their upcoming 3.4 release, it will keep lagging behind.

openssl-library.org/post/2024-…

According to @bagder the stubborn way the #OpenSSL project is handling #QUIC implementation is directly responsible for delaying HTTP/3 adoption (1), and I tend to agree. When the project rejected the community QUIC patches and decided to go with their own design, it wasn't difficult to predict problems. This was proven right by the massive feature gaps (2) and performance issues (3) discovered by @icing when trying to marry OpenSSL QUIC to #curl. Even with API fixes released in version 3.3 the implementation is still inferior, and there is no good solution in sight.

1) lwn.net/Articles/983380/
2) github.com/openssl/openssl/dis…
3) github.com/icing/blog/blob/mai…

blog/curl-h3-performance.md at main · icing/blog

Contribute to icing/blog development by creating an account on GitHub.

^GitHub

I could not resist responding to the #openssl thread on #lwn:

lwn.net/Articles/983380/

CVE-2024-5535 is an #OpenSSL problem that cannot be triggered by #curl

OpenSSL calls it it a low severity flaw. openssl.org/news/vulnerabiliti…

GitHub lists it as "critical" at 9.1 out of 10: github.com/advisories/GHSA-4fc…

CVE-2024-5535 - GitHub Advisory Database

Issue summary: Calling the OpenSSL API function...

^GitHub

Why is #curl with #openssl + #nghttp3 still experimental?

github.com/curl/curl/discussio…

Why openssl + nghttp3 is still experimental? · curl curl · Discussion #13820

Why openssl + nghttp3 is still experimental?

^GitHub

unfortunately, the new #openssl version does not do #QUIC good enough for #curl to consider removing the experimental label from it:

curl.se/mail/distros-2024-04/0…

There are TLS servers that don't send the required close_notify alert message in certain conditions. #Google web servers do this if they think the that recipient isn't interested about the message body and no connection keep alive is set. Examples of such connections would be requests that end up with 0 byte message body while:
• HTTP/1.0 without "Connection: keep-alive" header or
• HTTP/1.1 with "Connection: close" header

This can cause some complications since #OpenSSL 3 defaults to erroring out if the close_notify is missing.

SSL_OP_IGNORE_UNEXPECTED_EOF option was added to enable talking to these non-compliant servers. Enabling this option removes truncation attack protection - so this option should really only be used when absolutely necessary. However, unless if you control the servers being talked to, you probably need to enable this option for now.

So why does Google terminate connections without close_notify? Likely it is done to save some resources when tearing down TLS connections. If you have billions of connections going on all the time, even some small savings add up quickly.

github.com/php/php-src/issues/…

OpenSSL 3: Support of SSL_OP_IGNORE_UNEXPECTED_EOF context option · Issue #8369 · php/php-src

Description OpenSSL became more strict about unexpected EOF (not sending close notify) in 1.1.1e but reverted that change in 1.1.1f due to the huge amount of non-compliant servers. With the new maj...

^GitHub

Building #curl using #OpenSSL 3.2 #QUIC?

github.com/curl/curl/discussio…

Building libcurl using OpenSSL 3.2 QUIC? · curl/curl · Discussion #12425

Hello, are there any plans to build libcurl with OpenSSL v3.2's new QUIC API? OpenSSL v3.2 was officially released 11/23 (which supports QUIC client capabilities). In this way, libcurl doesn't need...

^GitHub

The "#OpenSSL situation" will still make it tricky for ordinary people to enable HTTP/3.

As I blogged already two years ago: daniel.haxx.se/blog/2021/10/25…

"The #OpenSSL project really seems to be in a dead end for me, it's incompatible with #QUIC and unfixable performance-wise" / Willy Tarreau

mailarchive.ietf.org/arch/msg/…

„One might wonder how a punycode decoder that overflows on an example string from the RFC makes it into a cryptographic library released in '21.“ #OpenSSL

marc.info/?l=openbsd-ports-cvs…

#OpenSSL 3.0.7 updates

@OCRbot eng