.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{ . if \nF \{ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "OPENSSL-QUIC 7ossl" .TH OPENSSL-QUIC 7ossl "2024-01-30" "3.2.1" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" openssl\-quic \- OpenSSL QUIC .SH "DESCRIPTION" .IX Header "DESCRIPTION" OpenSSL 3.2 and later features support for the \s-1QUIC\s0 transport protocol. Currently, only client connectivity is supported. This man page describes the usage of \s-1QUIC\s0 client functionality for both existing and new applications. .PP \&\s-1QUIC\s0 functionality uses the standard \s-1SSL API. A QUIC\s0 connection is represented by an \s-1SSL\s0 object in the same way that a \s-1TLS\s0 connection is. Only minimal changes are needed to existing applications making use of the libssl APIs to make use of \&\s-1QUIC\s0 client functionality. To make use of \s-1QUIC,\s0 use the \s-1SSL\s0 method \&\fIOSSL_QUIC_client_method\fR\|(3) or \fIOSSL_QUIC_client_thread_method\fR\|(3) with \&\fISSL_CTX_new\fR\|(3). .PP When a \s-1QUIC\s0 connection is created, by default, it operates in default stream mode, which is intended to provide compatibility with existing non-QUIC application usage patterns. In this mode, the connection has a single stream associated with it. Calls to \fISSL_read\fR\|(3) and \&\fISSL_write\fR\|(3) on the \s-1QUIC\s0 connection \s-1SSL\s0 object read and write from that stream. Whether the stream is client-initiated or server-initiated from a \s-1QUIC\s0 perspective depends on whether \fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) is called first. See the \s-1MODES OF OPERATION\s0 section for more information. .PP The default stream mode is intended for compatibility with existing applications. New applications using \s-1QUIC\s0 are recommended to disable default stream mode and use the multi-stream \s-1API\s0; see the \s-1MODES OF OPERATION\s0 section and the \s-1RECOMMENDATIONS FOR NEW APPLICATIONS\s0 section for more information. .PP The remainder of this man page discusses, in order: .IP "\(bu" 4 Default stream mode versus multi-stream mode; .IP "\(bu" 4 The changes to existing libssl APIs which are driven by QUIC-related implementation requirements, which existing applications should bear in mind; .IP "\(bu" 4 Aspects which must be considered by existing applications when adopting \s-1QUIC,\s0 including potential changes which may be needed. .IP "\(bu" 4 Recommended usage approaches for new applications. .IP "\(bu" 4 New, QUIC-specific APIs. .SH "MODES OF OPERATION" .IX Header "MODES OF OPERATION" .SS "Default Stream Mode" .IX Subsection "Default Stream Mode" A \s-1QUIC\s0 client connection can be used in either default stream mode or multi-stream mode. By default, a newly created \s-1QUIC\s0 connection \s-1SSL\s0 object uses default stream mode. .PP In default stream mode, a stream is implicitly created and bound to the \s-1QUIC\s0 connection \s-1SSL\s0 object; \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) calls to the \s-1QUIC\s0 connection \s-1SSL\s0 object work by default and are mapped to that stream. .PP When default stream mode is used, any \s-1API\s0 function which can be called on a \s-1QUIC\s0 stream \s-1SSL\s0 object can also be called on a \s-1QUIC\s0 connection \s-1SSL\s0 object, in which case it affects the default stream bound to the connection. .PP The identity of a \s-1QUIC\s0 stream, including its stream \s-1ID,\s0 varies depending on whether a stream is client-initiated or server-initiated. In default stream mode, if a client application calls \fISSL_read\fR\|(3) first before any call to \&\fISSL_write\fR\|(3) on the connection, it is assumed that the application protocol is using a server-initiated stream, and the \fISSL_read\fR\|(3) call will not complete (either blocking, or failing appropriately if nonblocking mode is configured) until the server initiates a stream. Conversely, if the client application calls \fISSL_write\fR\|(3) before any call to \fISSL_read\fR\|(3) on the connection, it is assumed that a client-initiated stream is to be used and such a stream is created automatically. .PP Default stream mode is intended to aid compatibility with legacy applications. New applications adopting \s-1QUIC\s0 should use multi-stream mode, described below, and avoid use of the default stream functionality. .PP It is possible to use additional streams in default stream mode using \&\fISSL_new_stream\fR\|(3) and \fISSL_accept_stream\fR\|(3); note that the default incoming stream policy will need to be changed using \fISSL_set_incoming_stream_policy\fR\|(3) in order to use \fISSL_accept_stream\fR\|(3) in this case. However, applications using additional streams are strongly recommended to use multi-stream mode instead. .PP Calling \fISSL_new_stream\fR\|(3) or \fISSL_accept_stream\fR\|(3) before a default stream has been associated with the \s-1QUIC\s0 connection \s-1SSL\s0 object will inhibit future creation of a default stream. .SS "Multi-Stream Mode" .IX Subsection "Multi-Stream Mode" The recommended usage mode for new applications adopting \s-1QUIC\s0 is multi-stream mode, in which no default stream is attached to the \s-1QUIC\s0 connection \s-1SSL\s0 object and attempts to call \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) on the \s-1QUIC\s0 connection \&\s-1SSL\s0 object fail. Instead, an application calls \fISSL_new_stream\fR\|(3) or \&\fISSL_accept_stream\fR\|(3) to create individual stream \s-1SSL\s0 objects for sending and receiving application data using \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3). .PP To use multi-stream mode, call \fISSL_set_default_stream_mode\fR\|(3) with an argument of \fB\s-1SSL_DEFAULT_STREAM_MODE_NONE\s0\fR; this function must be called prior to initiating the connection. The default stream mode cannot be changed after initiating a connection. .PP When multi-stream mode is used, meaning that no default stream is associated with the connection, calls to \s-1API\s0 functions which are defined as operating on a \&\s-1QUIC\s0 stream fail if called on the \s-1QUIC\s0 connection \s-1SSL\s0 object. For example, calls such as \fISSL_write\fR\|(3) or \fISSL_get_stream_id\fR\|(3) will fail. .SH "CHANGES TO EXISTING APIS" .IX Header "CHANGES TO EXISTING APIS" Most \s-1SSL\s0 APIs, such as \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3), function as they do for \s-1TLS\s0 connections and do not have changed semantics, with some exceptions. The changes to the semantics of existing APIs are as follows: .IP "\(bu" 4 Since \s-1QUIC\s0 uses \s-1UDP, \s0\fISSL_set_bio\fR\|(3), \fISSL_set0_rbio\fR\|(3) and \&\fISSL_set0_wbio\fR\|(3) function as before, but must now receive a \s-1BIO\s0 with datagram semantics. There are broadly four options for applications to use as a network \&\s-1BIO:\s0 .RS 4 .IP "\(bu" 4 \&\fIBIO_s_datagram\fR\|(3), recommended for most applications, replaces \&\fIBIO_s_socket\fR\|(3) and provides a \s-1UDP\s0 socket. .IP "\(bu" 4 \&\fIBIO_s_dgram_pair\fR\|(3) provides \s-1BIO\s0 pair-like functionality but with datagram semantics, and is recommended for existing applications which use a \s-1BIO\s0 pair or memory \s-1BIO\s0 to manage libssl's communication with the network. .IP "\(bu" 4 \&\fIBIO_s_dgram_mem\fR\|(3) provides a simple memory BIO-like interface but with datagram semantics. Unlike \fIBIO_s_dgram_pair\fR\|(3), it is unidirectional. .IP "\(bu" 4 An application may also choose to implement a custom \s-1BIO.\s0 The new \&\fIBIO_sendmmsg\fR\|(3) and \fIBIO_recvmmsg\fR\|(3) APIs must be supported. .RE .RS 4 .RE .IP "\(bu" 4 \&\fISSL_set_fd\fR\|(3), \fISSL_set_rfd\fR\|(3) and \fISSL_set_wfd\fR\|(3) traditionally instantiate a \fIBIO_s_socket\fR\|(3). For \s-1QUIC,\s0 these functions instead instantiate a \fIBIO_s_datagram\fR\|(3). This is equivalent to instantiating a \&\fIBIO_s_datagram\fR\|(3) and using \fISSL_set0_rbio\fR\|(3) and \fISSL_set0_wbio\fR\|(3). .IP "\(bu" 4 Traditionally, whether the application-level I/O APIs (such as \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) operated in a blocking fashion was directly correlated with whether the underlying network socket was configured in a blocking fashion. This is no longer the case; applications must explicitly configure the desired application-level blocking mode using \fISSL_set_blocking_mode\fR\|(3). See \&\fISSL_set_blocking_mode\fR\|(3) for details. .IP "\(bu" 4 Network-level I/O must always be performed in a nonblocking manner. The application can still enjoy blocking semantics for calls to application-level I/O functions such as \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3), but the underlying network \s-1BIO\s0 provided to \s-1QUIC \s0(such as a \fIBIO_s_datagram\fR\|(3)) must be configured in nonblocking mode. For application-level blocking functionality, see \&\fISSL_set_blocking_mode\fR\|(3). .IP "\(bu" 4 \&\fIBIO_new_ssl_connect\fR\|(3) has been changed to automatically use a \&\fIBIO_s_datagram\fR\|(3) when used with \s-1QUIC,\s0 therefore applications which use this do not need to change the \s-1BIO\s0 they use. .IP "\(bu" 4 \&\fIBIO_new_buffer_ssl_connect\fR\|(3) cannot be used with \s-1QUIC\s0 and applications must change to use \fIBIO_new_ssl_connect\fR\|(3) instead. .IP "\(bu" 4 \&\fISSL_shutdown\fR\|(3) has significant changes in relation to how \s-1QUIC\s0 connections must be shut down. In particular, applications should be advised that the full RFC-conformant \s-1QUIC\s0 shutdown process may take an extended amount of time. This may not be suitable for short-lived processes which should exit immediately after their usage of a \s-1QUIC\s0 connection is completed. A rapid shutdown mode is available for such applications. For details, see \fISSL_shutdown\fR\|(3). .IP "\(bu" 4 \&\fISSL_want\fR\|(3), \fISSL_want_read\fR\|(3) and \fISSL_want_write\fR\|(3) no longer reflect the I/O state of the network \s-1BIO\s0 passed to the \s-1QUIC SSL\s0 object, but instead reflect the flow control state of the \s-1QUIC\s0 stream associated with the \s-1SSL\s0 object. .Sp When used in nonblocking mode, \fB\s-1SSL_ERROR_WANT_READ\s0\fR indicates that the receive part of a \s-1QUIC\s0 stream does not currently have any more data available to be read, and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR indicates that the stream's internal buffer is full. .Sp To determine if the \s-1QUIC\s0 implementation currently wishes to be informed of incoming network datagrams, use the new function \fISSL_net_read_desired\fR\|(3); likewise, to determine if the \s-1QUIC\s0 implementation currently wishes to be informed when it is possible to transmit network datagrams, use the new function \&\fISSL_net_write_desired\fR\|(3). Only applications which wish to manage their own event loops need to use these functions; see \fBAPPLICATION-DRIVEN \s-1EVENT LOOPS\s0\fR for further discussion. .IP "\(bu" 4 The use of \s-1ALPN\s0 is mandatory when using \s-1QUIC.\s0 Attempts to connect without configuring \s-1ALPN\s0 will fail. For information on how to configure \s-1ALPN,\s0 see \&\fISSL_set_alpn_protos\fR\|(3). .IP "\(bu" 4 Whether \s-1QUIC\s0 operates in a client or server mode is determined by the \&\fB\s-1SSL_METHOD\s0\fR used, rather than by calls to \fISSL_set_connect_state\fR\|(3) or \&\fISSL_set_accept_state\fR\|(3). It is not necessary to call either of \&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state\fR\|(3) before connecting, but if either of these are called, the function called must be congruent with the \&\fB\s-1SSL_METHOD\s0\fR being used. Currently, only client mode is supported. .IP "\(bu" 4 The \fISSL_set_min_proto_version\fR\|(3) and \fISSL_set_max_proto_version\fR\|(3) APIs are not used and the values passed to them are ignored, as OpenSSL \s-1QUIC\s0 currently always uses \s-1TLS 1.3.\s0 .IP "\(bu" 4 The following libssl functionality is not available when used with \s-1QUIC.\s0 .RS 4 .IP "\(bu" 4 Async functionality .IP "\(bu" 4 \&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR .IP "\(bu" 4 Record Padding and Fragmentation (\fISSL_set_block_padding\fR\|(3), etc.) .IP "\(bu" 4 \&\fISSL_stateless\fR\|(3) support .IP "\(bu" 4 \&\s-1SRTP\s0 functionality .IP "\(bu" 4 TLSv1.3 Early Data .IP "\(bu" 4 \&\s-1TLS\s0 Next Protocol Negotiation cannot be used and is superseded by \s-1ALPN,\s0 which must be used instead. The use of \s-1ALPN\s0 is mandatory with \s-1QUIC.\s0 .IP "\(bu" 4 Post-Handshake Client Authentication is not available as \s-1QUIC\s0 prohibits its use. .IP "\(bu" 4 \&\s-1QUIC\s0 requires the use of TLSv1.3 or later, therefore functionality only relevant to older \s-1TLS\s0 versions is not available. .IP "\(bu" 4 Some cipher suites which are generally available for TLSv1.3 are not available for \s-1QUIC,\s0 such as \fB\s-1TLS_AES_128_CCM_8_SHA256\s0\fR. Your application may need to adjust the list of acceptable cipher suites it passes to libssl. .IP "\(bu" 4 \&\s-1CCM\s0 mode is not currently supported. .RE .RS 4 .Sp The following libssl functionality is also not available when used with \s-1QUIC,\s0 but calls to the relevant functions are treated as no-ops: .IP "\(bu" 4 Readahead (\fISSL_set_read_ahead\fR\|(3), etc.) .RE .RS 4 .RE .SH "CONSIDERATIONS FOR EXISTING APPLICATIONS" .IX Header "CONSIDERATIONS FOR EXISTING APPLICATIONS" Existing applications seeking to adopt \s-1QUIC\s0 should apply the following list to determine what changes they will need to make: .IP "\(bu" 4 An application wishing to use \s-1QUIC\s0 must use \fIOSSL_QUIC_client_method\fR\|(3) or \&\fIOSSL_QUIC_client_thread_method\fR\|(3) as its \s-1SSL\s0 method. For more information on the differences between these two methods, see \fB\s-1THREAD ASSISTED MODE\s0\fR. .IP "\(bu" 4 Determine how to provide \s-1QUIC\s0 with network access. Determine which of the below apply for your application: .RS 4 .IP "\(bu" 4 Your application uses \fIBIO_s_socket\fR\|(3) to construct a \s-1BIO\s0 which is passed to the \s-1SSL\s0 object to provide it with network access. .Sp Changes needed: Change your application to use \fIBIO_s_datagram\fR\|(3) instead when using \s-1QUIC.\s0 The socket must be configured in nonblocking mode. You may or may not need to use \fISSL_set1_initial_peer_addr\fR\|(3) to set the initial peer address; see the \fBQUIC-SPECIFIC \s-1APIS\s0\fR section for details. .IP "\(bu" 4 Your application uses \fIBIO_new_ssl_connect\fR\|(3) to construct a \s-1BIO\s0 which is passed to the \s-1SSL\s0 object to provide it with network access. .Sp Changes needed: No changes needed. Use of \s-1QUIC\s0 is detected automatically and a datagram socket is created instead of a normal \s-1TCP\s0 socket. .IP "\(bu" 4 Your application uses any other I/O strategy in this list but combines it with a \&\fIBIO_f_buffer\fR\|(3), for example using \fIBIO_push\fR\|(3). .Sp Changes needed: Disable the usage of \fIBIO_f_buffer\fR\|(3) when using \s-1QUIC.\s0 Usage of such a buffer is incompatible with \s-1QUIC\s0 as \s-1QUIC\s0 requires datagram semantics in its interaction with the network. .IP "\(bu" 4 Your application uses a \s-1BIO\s0 pair to cause the \s-1SSL\s0 object to read and write network traffic to a memory buffer. Your application manages the transmission and reception of buffered data itself in a way unknown to libssl. .Sp Changes needed: Switch from using a conventional \s-1BIO\s0 pair to using \&\fIBIO_s_dgram_pair\fR\|(3) instead, which has the necessary datagram semantics. You will need to modify your application to transmit and receive using a \s-1UDP\s0 socket and to use datagram semantics when interacting with the \fIBIO_s_dgram_pair\fR\|(3) instance. .IP "\(bu" 4 Your application uses a custom \s-1BIO\s0 method to provide the \s-1SSL\s0 object with network access. .Sp Changes needed: The custom \s-1BIO\s0 must be re-architected to have datagram semantics. \fIBIO_sendmmsg\fR\|(3) and \fIBIO_recvmmsg\fR\|(3) must be implemented. These calls must operate in a nonblocking fashion. Optionally, implement the \&\fIBIO_get_rpoll_descriptor\fR\|(3) and \fIBIO_get_wpoll_descriptor\fR\|(3) methods if desired. Implementing these methods is required if blocking semantics at the \s-1SSL API\s0 level are desired. .RE .RS 4 .RE .IP "\(bu" 4 An application must explicitly configure whether it wishes to use the \s-1SSL\s0 APIs in blocking mode or not. Traditionally, an \s-1SSL\s0 object has automatically operated in blocking or nonblocking mode based on whether the underlying network \s-1BIO\s0 operates in blocking or nonblocking mode. \s-1QUIC\s0 requires the use of a nonblocking network \s-1BIO,\s0 therefore the blocking mode at the application level must be explicitly configured by the application using the new \&\fISSL_set_blocking_mode\fR\|(3) \s-1API.\s0 The default mode is blocking. If an application wishes to use the \s-1SSL\s0 object APIs at application level in a nonblocking manner, it must add a call to \fISSL_set_blocking_mode\fR\|(3) to disable blocking mode. .IP "\(bu" 4 If your application does not choose to use thread assisted mode, it must ensure that it calls an I/O function on the \s-1SSL\s0 object (for example, \fISSL_read\fR\|(3) or \&\fISSL_write\fR\|(3)), or the new function \fISSL_handle_events\fR\|(3), regularly. If the \&\s-1SSL\s0 object is used in blocking mode, an ongoing blocking call to an I/O function satisfies this requirement. This is required to ensure that timer events required by \s-1QUIC\s0 are handled in a timely fashion. .Sp Most applications will service the \s-1SSL\s0 object by calling \fISSL_read\fR\|(3) or \&\fISSL_write\fR\|(3) regularly. If an application does not do this, it should ensure that \fISSL_handle_events\fR\|(3) is called regularly. .Sp \&\fISSL_get_event_timeout\fR\|(3) can be used to determine when \&\fISSL_handle_events\fR\|(3) must next be called. .Sp If the \s-1SSL\s0 object is being used with an underlying network \s-1BIO\s0 which is pollable (such as \fIBIO_s_datagram\fR\|(3)), the application can use \&\fISSL_get_rpoll_descriptor\fR\|(3), \fISSL_get_wpoll_descriptor\fR\|(3) to obtain resources which can be used to determine when \fISSL_handle_events\fR\|(3) should be called due to network I/O. .Sp Applications which use thread assisted mode do not need to be concerned with this requirement, as the \s-1QUIC\s0 implementation ensures timeout events are handled in a timely manner. See \fB\s-1THREAD ASSISTED MODE\s0\fR for details. .IP "\(bu" 4 Ensure that your usage of \fISSL_want\fR\|(3), \fISSL_want_read\fR\|(3) and \&\fISSL_want_write\fR\|(3) reflects the \s-1API\s0 changes described in \fB\s-1CHANGES TO EXISTING APIS\s0\fR. In particular, you should use these APIs to determine the ability of a \&\s-1QUIC\s0 stream to receive or provide application data, not to to determine if network I/O is required. .IP "\(bu" 4 Evaluate your application's use of \fISSL_shutdown\fR\|(3) in light of the changes discussed in \fB\s-1CHANGES TO EXISTING APIS\s0\fR. Depending on whether your application wishes to prioritise \s-1RFC\s0 conformance or rapid shutdown, consider using the new \&\fISSL_shutdown_ex\fR\|(3) \s-1API\s0 instead. See \fBQUIC-SPECIFIC \s-1APIS\s0\fR for details. .SH "RECOMMENDED USAGE IN NEW APPLICATIONS" .IX Header "RECOMMENDED USAGE IN NEW APPLICATIONS" The recommended usage in new applications varies depending on three independent design decisions: .IP "\(bu" 4 Whether the application will use blocking or nonblocking I/O at the application level (configured using \fISSL_set_blocking_mode\fR\|(3)). .Sp If the application does nonblocking I/O at the application level it can choose to manage its own polling and event loop; see \fBAPPLICATION-DRIVEN \s-1EVENT LOOPS\s0\fR. .IP "\(bu" 4 Whether the application intends to give the \s-1QUIC\s0 implementation direct access to a network socket (e.g. via \fIBIO_s_datagram\fR\|(3)) or whether it intends to buffer transmitted and received datagrams via a \fIBIO_s_dgram_pair\fR\|(3) or custom \s-1BIO.\s0 .Sp The former is preferred where possible as it reduces latency to the network, which enables \s-1QUIC\s0 to achieve higher performance and more accurate connection round trip time (\s-1RTT\s0) estimation. .IP "\(bu" 4 Whether thread assisted mode will be used (see \fB\s-1THREAD ASSISTED MODE\s0\fR). .PP Simple demos for \s-1QUIC\s0 usage under these various scenarios can be found at . .PP Applications which wish to implement QUIC-specific protocols should be aware of the APIs listed under \fBQUIC-SPECIFIC \s-1APIS\s0\fR which provide access to QUIC-specific functionality. For example, \fISSL_stream_conclude\fR\|(3) can be used to indicate the end of the sending part of a stream, and \fISSL_shutdown_ex\fR\|(3) can be used to provide a \s-1QUIC\s0 application error code when closing a connection. .PP Regardless of the design decisions chosen above, it is recommended that new applications avoid use of the default stream mode and use the multi-stream \s-1API\s0 by calling \fISSL_set_default_stream_mode\fR\|(3); see the \s-1MODES OF OPERATION\s0 section for details. .SH "QUIC-SPECIFIC APIS" .IX Header "QUIC-SPECIFIC APIS" This section details new APIs which are directly or indirectly related to \s-1QUIC.\s0 For details on the operation of each \s-1API,\s0 see the referenced man pages. .PP The following \s-1SSL\s0 APIs are new but relevant to both \s-1QUIC\s0 and \s-1DTLS:\s0 .IP "\fISSL_get_event_timeout\fR\|(3)" 4 .IX Item "SSL_get_event_timeout" Determines when the \s-1QUIC\s0 implementation should next be woken up via a call to \&\fISSL_handle_events\fR\|(3) (or another I/O function such as \fISSL_read\fR\|(3) or \&\fISSL_write\fR\|(3)), if ever. .Sp This can also be used with \s-1DTLS\s0 and supersedes \fIDTLSv1_get_timeout\fR\|(3) for new usage. .IP "\fISSL_handle_events\fR\|(3)" 4 .IX Item "SSL_handle_events" This is a non-specific I/O operation which makes a best effort attempt to perform any pending I/O or timeout processing. It can be used to advance the \&\s-1QUIC\s0 state machine by processing incoming network traffic, generating outgoing network traffic and handling any expired timeout events. Most other I/O functions on an \s-1SSL\s0 object, such as \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) implicitly perform event handling on the \s-1SSL\s0 object, so calling this function is only needed if no other I/O function is to be called. .Sp This can also be used with \s-1DTLS\s0 and supersedes \fIDTLSv1_handle_timeout\fR\|(3) for new usage. .PP The following \s-1SSL\s0 APIs are specific to \s-1QUIC:\s0 .IP "\fISSL_set_blocking_mode\fR\|(3), \fISSL_get_blocking_mode\fR\|(3)" 4 .IX Item "SSL_set_blocking_mode, SSL_get_blocking_mode" Configures whether blocking semantics are used at the application level. This determines whether calls to functions such as \fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) will block. .IP "\fISSL_get_rpoll_descriptor\fR\|(3), \fISSL_get_wpoll_descriptor\fR\|(3)" 4 .IX Item "SSL_get_rpoll_descriptor, SSL_get_wpoll_descriptor" These functions facilitate operation in nonblocking mode. .Sp When an \s-1SSL\s0 object is being used with an underlying network read \s-1BIO\s0 which supports polling, \fISSL_get_rpoll_descriptor\fR\|(3) outputs an \s-1OS\s0 resource which can be used to synchronise on network readability events which should result in a call to \fISSL_handle_events\fR\|(3). \fISSL_get_wpoll_descriptor\fR\|(3) works in an analogous fashion for the underlying network write \s-1BIO.\s0 .Sp The poll descriptors provided by these functions need only be used when \&\fISSL_net_read_desired\fR\|(3) and \fISSL_net_write_desired\fR\|(3) return 1, respectively. .IP "\fISSL_net_read_desired\fR\|(3), \fISSL_net_write_desired\fR\|(3)" 4 .IX Item "SSL_net_read_desired, SSL_net_write_desired" These functions facilitate operation in nonblocking mode and are used in conjunction with \fISSL_get_rpoll_descriptor\fR\|(3) and \&\fISSL_get_wpoll_descriptor\fR\|(3) respectively. They determine whether the respective poll descriptor is currently relevant for the purposes of polling. .IP "\fISSL_set1_initial_peer_addr\fR\|(3)" 4 .IX Item "SSL_set1_initial_peer_addr" This function can be used to set the initial peer address for an outgoing \s-1QUIC\s0 connection. This function must be used in the general case when creating an outgoing \s-1QUIC\s0 connection; however, the correct initial peer address can be autodetected in some cases. See \fISSL_set1_initial_peer_addr\fR\|(3) for details. .IP "\fISSL_shutdown_ex\fR\|(3)" 4 .IX Item "SSL_shutdown_ex" This augments \fISSL_shutdown\fR\|(3) by allowing an application error code to be specified. It also allows a client to decide how quickly it wants a shutdown to be performed, potentially by trading off strict \s-1RFC\s0 compliance. .IP "\fISSL_stream_conclude\fR\|(3)" 4 .IX Item "SSL_stream_conclude" This allows an application to indicate the normal end of the sending part of a \&\s-1QUIC\s0 stream. This corresponds to the \s-1FIN\s0 flag in the \s-1QUIC RFC.\s0 The receiving part of a stream remains usable. .IP "\fISSL_stream_reset\fR\|(3)" 4 .IX Item "SSL_stream_reset" This allows an application to indicate the non-normal termination of the sending part of a stream. This corresponds to the \s-1RESET_STREAM\s0 frame in the \s-1QUIC RFC.\s0 .IP "\fISSL_get_stream_write_state\fR\|(3) and \fISSL_get_stream_read_state\fR\|(3)" 4 .IX Item "SSL_get_stream_write_state and SSL_get_stream_read_state" This allows an application to determine the current stream states for the sending and receiving parts of a stream respectively. .IP "\fISSL_get_stream_write_error_code\fR\|(3) and \fISSL_get_stream_read_error_code\fR\|(3)" 4 .IX Item "SSL_get_stream_write_error_code and SSL_get_stream_read_error_code" This allows an application to determine the application error code which was signalled by a peer which has performed a non-normal stream termination of the respective sending or receiving part of a stream, if any. .IP "\fISSL_get_conn_close_info\fR\|(3)" 4 .IX Item "SSL_get_conn_close_info" This allows an application to determine the error code which was signalled when the local or remote endpoint terminated the \s-1QUIC\s0 connection. .IP "\fISSL_get0_connection\fR\|(3)" 4 .IX Item "SSL_get0_connection" Gets the \s-1QUIC\s0 connection \s-1SSL\s0 object from a \s-1QUIC\s0 stream \s-1SSL\s0 object. .IP "\fISSL_is_connection\fR\|(3)" 4 .IX Item "SSL_is_connection" Returns 1 if a \s-1SSL\s0 object is not a \s-1QUIC\s0 stream \s-1SSL\s0 object. .IP "\fISSL_get_stream_type\fR\|(3)" 4 .IX Item "SSL_get_stream_type" Provides information on the kind of \s-1QUIC\s0 stream which is attached to the \s-1SSL\s0 object. .IP "\fISSL_get_stream_id\fR\|(3)" 4 .IX Item "SSL_get_stream_id" Returns the \s-1QUIC\s0 stream \s-1ID\s0 which the \s-1QUIC\s0 protocol has associated with a \s-1QUIC\s0 stream. .IP "\fISSL_new_stream\fR\|(3)" 4 .IX Item "SSL_new_stream" Creates a new \s-1QUIC\s0 stream \s-1SSL\s0 object representing a new, locally-initiated \s-1QUIC\s0 stream. .IP "\fISSL_accept_stream\fR\|(3)" 4 .IX Item "SSL_accept_stream" Potentially yields a new \s-1QUIC\s0 stream \s-1SSL\s0 object representing a new remotely-initiated \s-1QUIC\s0 stream, blocking until one is available if the connection is configured to do so. .IP "\fISSL_get_accept_stream_queue_len\fR\|(3)" 4 .IX Item "SSL_get_accept_stream_queue_len" Provides information on the number of pending remotely-initiated streams. .IP "\fISSL_set_incoming_stream_policy\fR\|(3)" 4 .IX Item "SSL_set_incoming_stream_policy" Configures how incoming, remotely-initiated streams are handled. The incoming stream policy can be used to automatically reject streams created by the peer, or allow them to be handled using \fISSL_accept_stream\fR\|(3). .IP "\fISSL_set_default_stream_mode\fR\|(3)" 4 .IX Item "SSL_set_default_stream_mode" Used to configure or disable default stream mode; see the \s-1MODES OF OPERATION\s0 section for details. .PP The following \s-1BIO\s0 APIs are not specific to \s-1QUIC\s0 but have been added to facilitate QUIC-specific requirements and are closely associated with its use: .IP "\fIBIO_s_dgram_pair\fR\|(3)" 4 .IX Item "BIO_s_dgram_pair" This is a new \s-1BIO\s0 method which is similar to a conventional \s-1BIO\s0 pair but provides datagram semantics. .IP "\fIBIO_get_rpoll_descriptor\fR\|(3), \fIBIO_get_wpoll_descriptor\fR\|(3)" 4 .IX Item "BIO_get_rpoll_descriptor, BIO_get_wpoll_descriptor" This is a new \s-1BIO API\s0 which allows a \s-1BIO\s0 to expose a poll descriptor. This \s-1API\s0 is used to implement the corresponding \s-1SSL\s0 APIs \fISSL_get_rpoll_descriptor\fR\|(3) and \fISSL_get_wpoll_descriptor\fR\|(3). .IP "\fIBIO_sendmmsg\fR\|(3), \fIBIO_recvmmsg\fR\|(3)" 4 .IX Item "BIO_sendmmsg, BIO_recvmmsg" This is a new \s-1BIO API\s0 which can be implemented by BIOs which implement datagram semantics. It is implemented by \fIBIO_s_datagram\fR\|(3) and \fIBIO_s_dgram_pair\fR\|(3). It is used by the \s-1QUIC\s0 implementation to send and receive \s-1UDP\s0 datagrams. .IP "\fIBIO_dgram_set_no_trunc\fR\|(3), \fIBIO_dgram_get_no_trunc\fR\|(3)" 4 .IX Item "BIO_dgram_set_no_trunc, BIO_dgram_get_no_trunc" By default, \fIBIO_s_dgram_pair\fR\|(3) has semantics comparable to those of Berkeley sockets being used with datagram semantics. This allows an alternative mode to be enabled in which datagrams will not be silently truncated if they are too large. .IP "\fIBIO_dgram_set_caps\fR\|(3), \fIBIO_dgram_get_caps\fR\|(3)" 4 .IX Item "BIO_dgram_set_caps, BIO_dgram_get_caps" These functions are used to allow the user of one end of a \&\fIBIO_s_dgram_pair\fR\|(3) to indicate its capabilities to the other end of a \&\fIBIO_s_dgram_pair\fR\|(3). In particular, this allows an application to inform the \&\s-1QUIC\s0 implementation of whether it is prepared to handle local and/or peer addresses in transmitted datagrams and to provide the applicable information in received datagrams. .IP "\fIBIO_dgram_get_local_addr_cap\fR\|(3), \fIBIO_dgram_set_local_addr_enable\fR\|(3), \fIBIO_dgram_get_local_addr_enable\fR\|(3)" 4 .IX Item "BIO_dgram_get_local_addr_cap, BIO_dgram_set_local_addr_enable, BIO_dgram_get_local_addr_enable" Local addressing support refers to the ability of a \s-1BIO\s0 with datagram semantics to allow a source address to be specified on transmission and to report the destination address on reception. These functions can be used to determine if a \&\s-1BIO\s0 can support local addressing and to enable local addressing support if it can. .IP "\fIBIO_err_is_non_fatal\fR\|(3)" 4 .IX Item "BIO_err_is_non_fatal" This is used to determine if an error while calling \fIBIO_sendmmsg\fR\|(3) or \&\fIBIO_recvmmsg\fR\|(3) is ephemeral in nature, such as \*(L"would block\*(R" errors. .SH "THREAD ASSISTED MODE" .IX Header "THREAD ASSISTED MODE" The optional thread assisted mode can be used with \&\fIOSSL_QUIC_client_thread_method\fR\|(3). In this mode, a background thread is created automatically. The OpenSSL \s-1QUIC\s0 implementation then takes responsibility for ensuring that timeout events are handled on a timely basis even if no \s-1SSL I/O\s0 function such as \fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) is called by the application for a long time. .PP All necessary locking is handled automatically internally, but the thread safety guarantees for the public \s-1SSL API\s0 are unchanged. Therefore, an application must still do its own locking if it wishes to make concurrent use of the public \s-1SSL\s0 APIs. .PP Because this method relies on threads, it is not available on platforms where threading support is not available or not supported by OpenSSL. However, it does provide the simplest mode of usage for an application. .PP The implementation may or may not use a common thread or thread pool to service multiple \s-1SSL\s0 objects in the same \fB\s-1SSL_CTX\s0\fR. .SH "APPLICATION-DRIVEN EVENT LOOPS" .IX Header "APPLICATION-DRIVEN EVENT LOOPS" OpenSSL's \s-1QUIC\s0 implementation is designed to facilitate applications which wish to use the \s-1SSL\s0 APIs in a blocking fashion, but is also designed to facilitate applications which wish to use the \s-1SSL\s0 APIs in a nonblocking fashion and manage their own event loops and polling directly. This is useful when it is desirable to host OpenSSL's \s-1QUIC\s0 implementation on top of an application's existing nonblocking I/O infrastructure. .PP This is supported via the concept of poll descriptors; see \&\fIBIO_get_rpoll_descriptor\fR\|(3) for details. Broadly, a \fB\s-1BIO_POLL_DESCRIPTOR\s0\fR is a structure which expresses some kind of \s-1OS\s0 resource which can be used to synchronise on I/O events. The \s-1QUIC\s0 implementation provides a \&\fB\s-1BIO_POLL_DESCRIPTOR\s0\fR based on the poll descriptor provided by the underlying network \s-1BIO.\s0 This is typically an \s-1OS\s0 socket handle, though custom BIOs could choose to implement their own custom poll descriptor format. .PP Broadly, an application which wishes to manage its own event loop should interact with the \s-1SSL\s0 object as follows: .IP "\(bu" 4 It should provide read and write BIOs with nonblocking datagram semantics to the \s-1SSL\s0 object using \fISSL_set0_rbio\fR\|(3) and \fISSL_set0_wbio\fR\|(3). This could be a \s-1BIO\s0 abstracting a network socket such as \fIBIO_s_datagram\fR\|(3), or a \s-1BIO\s0 abstracting some kind of memory buffer such as \fIBIO_s_dgram_pair\fR\|(3). Use of a custom \s-1BIO\s0 is also possible. .IP "\(bu" 4 It should configure the \s-1SSL\s0 object into nonblocking mode by calling \&\fISSL_set_blocking_mode\fR\|(3). .IP "\(bu" 4 It should configure the \s-1SSL\s0 object as desired, set an initial peer as needed using \fISSL_set1_initial_peer_addr\fR\|(3), and trigger the connection process by calling \fISSL_connect\fR\|(3). .IP "\(bu" 4 If the network read and write BIOs provided were pollable (for example, a \fIBIO_s_datagram\fR\|(3), or a custom \s-1BIO\s0 which implements \&\fIBIO_get_rpoll_descriptor\fR\|(3) and \fIBIO_get_wpoll_descriptor\fR\|(3)), it should perform the following steps repeatedly: .RS 4 .IP "\(bu" 4 The application should call \fISSL_get_rpoll_descriptor\fR\|(3) and \&\fISSL_get_wpoll_descriptor\fR\|(3) to identify \s-1OS\s0 resources which can be used for synchronisation. .IP "\(bu" 4 It should call \fISSL_net_read_desired\fR\|(3) and \fISSL_net_write_desired\fR\|(3) to determine whether the \s-1QUIC\s0 implementation is currently interested in readability and writability events on the underlying network \s-1BIO\s0 which was provided, and call \&\fISSL_get_event_timeout\fR\|(3) to determine if any timeout event will become applicable in the future. .IP "\(bu" 4 It should wait until one of the following events occurs: .RS 4 .IP "\(bu" 4 The poll descriptor returned by \fISSL_get_rpoll_descriptor\fR\|(3) becomes readable (if \fISSL_net_read_desired\fR\|(3) returned 1); .IP "\(bu" 4 The poll descriptor returned by \fISSL_get_wpoll_descriptor\fR\|(3) becomes writable (if \fISSL_net_write_desired\fR\|(3) returned 1); .IP "\(bu" 4 The timeout returned by \fISSL_get_event_timeout\fR\|(3) (if any) expires. .RE .RS 4 .Sp Once any of these events occurs, \fISSL_handle_events\fR\|(3) should be called. .RE .RE .RS 4 .RE .IP "\(bu" 4 If the network read and write BIOs provided were not pollable (for example, in the case of \fIBIO_s_dgram_pair\fR\|(3)), the application is responsible for managing and synchronising network I/O. It should call \fISSL_handle_events\fR\|(3) after it writes data to a \fIBIO_s_dgram_pair\fR\|(3) or otherwise takes action so that the \&\s-1QUIC\s0 implementation can read new datagrams via a call to \fIBIO_recvmmsg\fR\|(3) on the underlying network \s-1BIO.\s0 The \s-1QUIC\s0 implementation may output datagrams via a call to \fIBIO_sendmmsg\fR\|(3) and the application is responsible for ensuring these are transmitted. .Sp The application must call \fISSL_get_event_timeout\fR\|(3) after every call to \&\fISSL_handle_events\fR\|(3) (or another I/O function on the \s-1SSL\s0 object), and ensure that a call to \fISSL_handle_events\fR\|(3) is performed after the specified timeout (if any). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fISSL_handle_events\fR\|(3), \fISSL_get_event_timeout\fR\|(3), \&\fISSL_net_read_desired\fR\|(3), \fISSL_net_write_desired\fR\|(3), \&\fISSL_get_rpoll_descriptor\fR\|(3), \fISSL_get_wpoll_descriptor\fR\|(3), \&\fISSL_set_blocking_mode\fR\|(3), \fISSL_shutdown_ex\fR\|(3), \&\fISSL_set1_initial_peer_addr\fR\|(3), \fISSL_stream_conclude\fR\|(3), \&\fISSL_stream_reset\fR\|(3), \fISSL_get_stream_read_state\fR\|(3), \&\fISSL_get_stream_read_error_code\fR\|(3), \fISSL_get_conn_close_info\fR\|(3), \&\fISSL_get0_connection\fR\|(3), \fISSL_get_stream_type\fR\|(3), \fISSL_get_stream_id\fR\|(3), \&\fISSL_new_stream\fR\|(3), \fISSL_accept_stream\fR\|(3), \&\fISSL_set_incoming_stream_policy\fR\|(3), \fISSL_set_default_stream_mode\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2022\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .