summaryrefslogtreecommitdiffstats
path: root/upstream/archlinux/man7/openssl-quic.7ssl
blob: bd866456098aa9a982ece1b9aec16c6dc788801e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "OPENSSL-QUIC 7ssl"
.TH OPENSSL-QUIC 7ssl 2024-04-28 3.3.0 OpenSSL
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
openssl\-quic \- OpenSSL QUIC
.SH DESCRIPTION
.IX Header "DESCRIPTION"
OpenSSL 3.2 and later features support for the QUIC transport protocol.
Currently, only client connectivity is supported. This man page describes the
usage of QUIC client functionality for both existing and new applications.
.PP
QUIC functionality uses the standard SSL API. A QUIC connection is represented
by an SSL object in the same way that a TLS connection is. Only minimal changes
are needed to existing applications making use of the libssl APIs to make use of
QUIC client functionality. To make use of QUIC, use the SSL method
\&\fBOSSL_QUIC_client_method\fR\|(3) or \fBOSSL_QUIC_client_thread_method\fR\|(3) with
\&\fBSSL_CTX_new\fR\|(3).
.PP
When a QUIC connection is created, by default, it operates in default stream
mode, which is intended to provide compatibility with existing non-QUIC
application usage patterns. In this mode, the connection has a single
stream associated with it. Calls to \fBSSL_read\fR\|(3) and
\&\fBSSL_write\fR\|(3) on the QUIC connection SSL object read and write from that
stream. Whether the stream is client-initiated or server-initiated from a QUIC
perspective depends on whether \fBSSL_read\fR\|(3) or \fBSSL_write\fR\|(3) is called
first. See the MODES OF OPERATION section for more information.
.PP
The default stream mode is intended for compatibility with existing
applications. New applications using QUIC are recommended to disable default
stream mode and use the multi-stream API; see the MODES OF OPERATION section and
the RECOMMENDATIONS FOR NEW APPLICATIONS section for more information.
.PP
The remainder of this man page discusses, in order:
.IP \(bu 4
Default stream mode versus multi-stream mode;
.IP \(bu 4
The changes to existing libssl APIs which are driven by QUIC-related implementation
requirements, which existing applications should bear in mind;
.IP \(bu 4
Aspects which must be considered by existing applications when adopting QUIC,
including potential changes which may be needed.
.IP \(bu 4
Recommended usage approaches for new applications.
.IP \(bu 4
New, QUIC-specific APIs.
.SH "MODES OF OPERATION"
.IX Header "MODES OF OPERATION"
.SS "Default Stream Mode"
.IX Subsection "Default Stream Mode"
A QUIC client connection can be used in either default stream mode or
multi-stream mode. By default, a newly created QUIC connection SSL object uses
default stream mode.
.PP
In default stream mode, a stream is implicitly created and bound to the QUIC
connection SSL object; \fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3) calls to the QUIC
connection SSL object work by default and are mapped to that stream.
.PP
When default stream mode is used, any API function which can be called on a QUIC
stream SSL object can also be called on a QUIC connection SSL object, in which
case it affects the default stream bound to the connection.
.PP
The identity of a QUIC stream, including its stream ID, varies depending on
whether a stream is client-initiated or server-initiated. In default stream
mode, if a client application calls \fBSSL_read\fR\|(3) first before any call to
\&\fBSSL_write\fR\|(3) on the connection, it is assumed that the application protocol
is using a server-initiated stream, and the \fBSSL_read\fR\|(3) call will not
complete (either blocking, or failing appropriately if nonblocking mode is
configured) until the server initiates a stream. Conversely, if the client
application calls \fBSSL_write\fR\|(3) before any call to \fBSSL_read\fR\|(3) on the
connection, it is assumed that a client-initiated stream is to be used
and such a stream is created automatically.
.PP
Default stream mode is intended to aid compatibility with legacy applications.
New applications adopting QUIC should use multi-stream mode, described below,
and avoid use of the default stream functionality.
.PP
It is possible to use additional streams in default stream mode using
\&\fBSSL_new_stream\fR\|(3) and \fBSSL_accept_stream\fR\|(3); note that the default incoming
stream policy will need to be changed using \fBSSL_set_incoming_stream_policy\fR\|(3)
in order to use \fBSSL_accept_stream\fR\|(3) in this case. However, applications
using additional streams are strongly recommended to use multi-stream mode
instead.
.PP
Calling \fBSSL_new_stream\fR\|(3) or \fBSSL_accept_stream\fR\|(3) before a default stream
has been associated with the QUIC connection SSL object will inhibit future
creation of a default stream.
.SS "Multi-Stream Mode"
.IX Subsection "Multi-Stream Mode"
The recommended usage mode for new applications adopting QUIC is multi-stream
mode, in which no default stream is attached to the QUIC connection SSL object
and attempts to call \fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3) on the QUIC connection
SSL object fail. Instead, an application calls \fBSSL_new_stream\fR\|(3) or
\&\fBSSL_accept_stream\fR\|(3) to create individual stream SSL objects for sending and
receiving application data using \fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3).
.PP
To use multi-stream mode, call \fBSSL_set_default_stream_mode\fR\|(3) with an
argument of \fBSSL_DEFAULT_STREAM_MODE_NONE\fR; this function must be called prior
to initiating the connection. The default stream mode cannot be changed after
initiating a connection.
.PP
When multi-stream mode is used, meaning that no default stream is associated
with the connection, calls to API functions which are defined as operating on a
QUIC stream fail if called on the QUIC connection SSL object. For example, calls
such as \fBSSL_write\fR\|(3) or \fBSSL_get_stream_id\fR\|(3) will fail.
.SH "CHANGES TO EXISTING APIS"
.IX Header "CHANGES TO EXISTING APIS"
Most SSL APIs, such as \fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3), function as they do
for TLS connections and do not have changed semantics, with some exceptions. The
changes to the semantics of existing APIs are as follows:
.IP \(bu 4
Since QUIC uses UDP, \fBSSL_set_bio\fR\|(3), \fBSSL_set0_rbio\fR\|(3) and
\&\fBSSL_set0_wbio\fR\|(3) function as before, but must now receive a BIO with datagram
semantics. There are broadly four options for applications to use as a network
BIO:
.RS 4
.IP \(bu 4
\&\fBBIO_s_datagram\fR\|(3), recommended for most applications, replaces
\&\fBBIO_s_socket\fR\|(3) and provides a UDP socket.
.IP \(bu 4
\&\fBBIO_s_dgram_pair\fR\|(3) provides BIO pair-like functionality but with datagram
semantics, and is recommended for existing applications which use a BIO pair or
memory BIO to manage libssl's communication with the network.
.IP \(bu 4
\&\fBBIO_s_dgram_mem\fR\|(3) provides a simple memory BIO-like interface but with
datagram semantics. Unlike \fBBIO_s_dgram_pair\fR\|(3), it is unidirectional.
.IP \(bu 4
An application may also choose to implement a custom BIO. The new
\&\fBBIO_sendmmsg\fR\|(3) and \fBBIO_recvmmsg\fR\|(3) APIs must be supported.
.RE
.RS 4
.RE
.IP \(bu 4
\&\fBSSL_set_fd\fR\|(3), \fBSSL_set_rfd\fR\|(3) and \fBSSL_set_wfd\fR\|(3) traditionally
instantiate a \fBBIO_s_socket\fR\|(3). For QUIC, these functions instead instantiate
a \fBBIO_s_datagram\fR\|(3). This is equivalent to instantiating a
\&\fBBIO_s_datagram\fR\|(3) and using \fBSSL_set0_rbio\fR\|(3) and \fBSSL_set0_wbio\fR\|(3).
.IP \(bu 4
Traditionally, whether the application-level I/O APIs (such as \fBSSL_read\fR\|(3)
and \fBSSL_write\fR\|(3) operated in a blocking fashion was directly correlated with
whether the underlying network socket was configured in a blocking fashion. This
is no longer the case; applications must explicitly configure the desired
application-level blocking mode using \fBSSL_set_blocking_mode\fR\|(3). See
\&\fBSSL_set_blocking_mode\fR\|(3) for details.
.IP \(bu 4
Network-level I/O must always be performed in a nonblocking manner. The
application can still enjoy blocking semantics for calls to application-level
I/O functions such as \fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3), but the underlying
network BIO provided to QUIC (such as a \fBBIO_s_datagram\fR\|(3)) must be configured
in nonblocking mode. For application-level blocking functionality, see
\&\fBSSL_set_blocking_mode\fR\|(3).
.IP \(bu 4
\&\fBBIO_new_ssl_connect\fR\|(3) has been changed to automatically use a
\&\fBBIO_s_datagram\fR\|(3) when used with QUIC, therefore applications which use this
do not need to change the BIO they use.
.IP \(bu 4
\&\fBBIO_new_buffer_ssl_connect\fR\|(3) cannot be used with QUIC and applications must
change to use \fBBIO_new_ssl_connect\fR\|(3) instead.
.IP \(bu 4
\&\fBSSL_shutdown\fR\|(3) has significant changes in relation to how QUIC connections
must be shut down. In particular, applications should be advised that the full
RFC-conformant QUIC shutdown process may take an extended amount of time. This
may not be suitable for short-lived processes which should exit immediately
after their usage of a QUIC connection is completed. A rapid shutdown mode
is available for such applications. For details, see \fBSSL_shutdown\fR\|(3).
.IP \(bu 4
\&\fBSSL_want\fR\|(3), \fBSSL_want_read\fR\|(3) and \fBSSL_want_write\fR\|(3) no longer reflect
the I/O state of the network BIO passed to the QUIC SSL object, but instead
reflect the flow control state of the QUIC stream associated with the SSL
object.
.Sp
When used in nonblocking mode, \fBSSL_ERROR_WANT_READ\fR indicates that the
receive part of a QUIC stream does not currently have any more data available to
be read, and \fBSSL_ERROR_WANT_WRITE\fR indicates that the stream's internal buffer
is full.
.Sp
To determine if the QUIC implementation currently wishes to be informed of
incoming network datagrams, use the new function \fBSSL_net_read_desired\fR\|(3);
likewise, to determine if the QUIC implementation currently wishes to be
informed when it is possible to transmit network datagrams, use the new function
\&\fBSSL_net_write_desired\fR\|(3). Only applications which wish to manage their own event
loops need to use these functions; see \fBAPPLICATION-DRIVEN EVENT LOOPS\fR for
further discussion.
.IP \(bu 4
The use of ALPN is mandatory when using QUIC. Attempts to connect without
configuring ALPN will fail. For information on how to configure ALPN, see
\&\fBSSL_set_alpn_protos\fR\|(3).
.IP \(bu 4
Whether QUIC operates in a client or server mode is determined by the
\&\fBSSL_METHOD\fR used, rather than by calls to \fBSSL_set_connect_state\fR\|(3) or
\&\fBSSL_set_accept_state\fR\|(3). It is not necessary to call either of
\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state\fR\|(3) before connecting, but
if either of these are called, the function called must be congruent with the
\&\fBSSL_METHOD\fR being used. Currently, only client mode is supported.
.IP \(bu 4
The \fBSSL_set_min_proto_version\fR\|(3) and \fBSSL_set_max_proto_version\fR\|(3) APIs are
not used and the values passed to them are ignored, as OpenSSL QUIC currently
always uses TLS 1.3.
.IP \(bu 4
The following libssl functionality is not available when used with QUIC.
.RS 4
.IP \(bu 4
Async functionality
.IP \(bu 4
\&\fBSSL_MODE_AUTO_RETRY\fR
.IP \(bu 4
Record Padding and Fragmentation (\fBSSL_set_block_padding\fR\|(3), etc.)
.IP \(bu 4
\&\fBSSL_stateless\fR\|(3) support
.IP \(bu 4
SRTP functionality
.IP \(bu 4
TLSv1.3 Early Data
.IP \(bu 4
TLS Next Protocol Negotiation cannot be used and is superseded by ALPN, which
must be used instead. The use of ALPN is mandatory with QUIC.
.IP \(bu 4
Post-Handshake Client Authentication is not available as QUIC prohibits its use.
.IP \(bu 4
QUIC requires the use of TLSv1.3 or later, therefore functionality only relevant
to older TLS versions is not available.
.IP \(bu 4
Some cipher suites which are generally available for TLSv1.3 are not available
for QUIC, such as \fBTLS_AES_128_CCM_8_SHA256\fR. Your application may need to
adjust the list of acceptable cipher suites it passes to libssl.
.IP \(bu 4
CCM mode is not currently supported.
.RE
.RS 4
.Sp
The following libssl functionality is also not available when used with QUIC,
but calls to the relevant functions are treated as no-ops:
.IP \(bu 4
Readahead (\fBSSL_set_read_ahead\fR\|(3), etc.)
.RE
.RS 4
.RE
.SH "CONSIDERATIONS FOR EXISTING APPLICATIONS"
.IX Header "CONSIDERATIONS FOR EXISTING APPLICATIONS"
Existing applications seeking to adopt QUIC should apply the following list to
determine what changes they will need to make:
.IP \(bu 4
An application wishing to use QUIC must use \fBOSSL_QUIC_client_method\fR\|(3) or
\&\fBOSSL_QUIC_client_thread_method\fR\|(3) as its SSL method. For more information
on the differences between these two methods, see \fBTHREAD ASSISTED MODE\fR.
.IP \(bu 4
Determine how to provide QUIC with network access. Determine which of the below
apply for your application:
.RS 4
.IP \(bu 4
Your application uses \fBBIO_s_socket\fR\|(3) to construct a BIO which is passed to
the SSL object to provide it with network access.
.Sp
Changes needed: Change your application to use \fBBIO_s_datagram\fR\|(3) instead when
using QUIC. The socket must be configured in nonblocking mode. You may or may
not need to use \fBSSL_set1_initial_peer_addr\fR\|(3) to set the initial peer
address; see the \fBQUIC-SPECIFIC APIS\fR section for details.
.IP \(bu 4
Your application uses \fBBIO_new_ssl_connect\fR\|(3) to
construct a BIO which is passed to the SSL object to provide it with network
access.
.Sp
Changes needed: No changes needed. Use of QUIC is detected automatically and a
datagram socket is created instead of a normal TCP socket.
.IP \(bu 4
Your application uses any other I/O strategy in this list but combines it with a
\&\fBBIO_f_buffer\fR\|(3), for example using \fBBIO_push\fR\|(3).
.Sp
Changes needed: Disable the usage of \fBBIO_f_buffer\fR\|(3) when using QUIC. Usage
of such a buffer is incompatible with QUIC as QUIC requires datagram semantics
in its interaction with the network.
.IP \(bu 4
Your application uses a BIO pair to cause the SSL object to read and write
network traffic to a memory buffer. Your application manages the transmission
and reception of buffered data itself in a way unknown to libssl.
.Sp
Changes needed: Switch from using a conventional BIO pair to using
\&\fBBIO_s_dgram_pair\fR\|(3) instead, which has the necessary datagram semantics. You
will need to modify your application to transmit and receive using a UDP socket
and to use datagram semantics when interacting with the \fBBIO_s_dgram_pair\fR\|(3)
instance.
.IP \(bu 4
Your application uses a custom BIO method to provide the SSL object with network
access.
.Sp
Changes needed: The custom BIO must be re-architected to have datagram
semantics. \fBBIO_sendmmsg\fR\|(3) and \fBBIO_recvmmsg\fR\|(3) must be implemented. These
calls must operate in a nonblocking fashion. Optionally, implement the
\&\fBBIO_get_rpoll_descriptor\fR\|(3) and \fBBIO_get_wpoll_descriptor\fR\|(3) methods if
desired. Implementing these methods is required if blocking semantics at the SSL
API level are desired.
.RE
.RS 4
.RE
.IP \(bu 4
An application must explicitly configure whether it wishes to use the SSL APIs
in blocking mode or not. Traditionally, an SSL object has automatically operated
in blocking or nonblocking mode based on whether the underlying network BIO
operates in blocking or nonblocking mode. QUIC requires the use of a
nonblocking network BIO, therefore the blocking mode at the application level
must be explicitly configured by the application using the new
\&\fBSSL_set_blocking_mode\fR\|(3) API. The default mode is blocking. If an application
wishes to use the SSL object APIs at application level in a nonblocking manner,
it must add a call to \fBSSL_set_blocking_mode\fR\|(3) to disable blocking mode.
.IP \(bu 4
If your application does not choose to use thread assisted mode, it must ensure
that it calls an I/O function on the SSL object (for example, \fBSSL_read\fR\|(3) or
\&\fBSSL_write\fR\|(3)), or the new function \fBSSL_handle_events\fR\|(3), regularly. If the
SSL object is used in blocking mode, an ongoing blocking call to an I/O function
satisfies this requirement. This is required to ensure that timer events
required by QUIC are handled in a timely fashion.
.Sp
Most applications will service the SSL object by calling \fBSSL_read\fR\|(3) or
\&\fBSSL_write\fR\|(3) regularly. If an application does not do this, it should ensure
that \fBSSL_handle_events\fR\|(3) is called regularly.
.Sp
\&\fBSSL_get_event_timeout\fR\|(3) can be used to determine when
\&\fBSSL_handle_events\fR\|(3) must next be called.
.Sp
If the SSL object is being used with an underlying network BIO which is pollable
(such as \fBBIO_s_datagram\fR\|(3)), the application can use
\&\fBSSL_get_rpoll_descriptor\fR\|(3), \fBSSL_get_wpoll_descriptor\fR\|(3) to obtain
resources which can be used to determine when \fBSSL_handle_events\fR\|(3) should be
called due to network I/O.
.Sp
Applications which use thread assisted mode do not need to be concerned
with this requirement, as the QUIC implementation ensures timeout events
are handled in a timely manner. See \fBTHREAD ASSISTED MODE\fR for details.
.IP \(bu 4
Ensure that your usage of \fBSSL_want\fR\|(3), \fBSSL_want_read\fR\|(3) and
\&\fBSSL_want_write\fR\|(3) reflects the API changes described in \fBCHANGES TO EXISTING
APIS\fR. In particular, you should use these APIs to determine the ability of a
QUIC stream to receive or provide application data, not to to determine if
network I/O is required.
.IP \(bu 4
Evaluate your application's use of \fBSSL_shutdown\fR\|(3) in light of the changes
discussed in \fBCHANGES TO EXISTING APIS\fR. Depending on whether your application
wishes to prioritise RFC conformance or rapid shutdown, consider using the new
\&\fBSSL_shutdown_ex\fR\|(3) API instead. See \fBQUIC-SPECIFIC APIS\fR for details.
.SH "RECOMMENDED USAGE IN NEW APPLICATIONS"
.IX Header "RECOMMENDED USAGE IN NEW APPLICATIONS"
The recommended usage in new applications varies depending on three independent
design decisions:
.IP \(bu 4
Whether the application will use blocking or nonblocking I/O at the application
level (configured using \fBSSL_set_blocking_mode\fR\|(3)).
.Sp
If the application does nonblocking I/O at the application level it can choose
to manage its own polling and event loop; see \fBAPPLICATION-DRIVEN EVENT LOOPS\fR.
.IP \(bu 4
Whether the application intends to give the QUIC implementation direct access to
a network socket (e.g. via \fBBIO_s_datagram\fR\|(3)) or whether it intends to buffer
transmitted and received datagrams via a \fBBIO_s_dgram_pair\fR\|(3) or custom BIO.
.Sp
The former is preferred where possible as it reduces latency to the network,
which enables QUIC to achieve higher performance and more accurate connection
round trip time (RTT) estimation.
.IP \(bu 4
Whether thread assisted mode will be used (see \fBTHREAD ASSISTED MODE\fR).
.PP
Simple demos for QUIC usage under these various scenarios can be found at
<https://github.com/openssl/openssl/tree/master/doc/designs/ddd>.
.PP
Applications which wish to implement QUIC-specific protocols should be aware of
the APIs listed under \fBQUIC-SPECIFIC APIS\fR which provide access to
QUIC-specific functionality. For example, \fBSSL_stream_conclude\fR\|(3) can be used
to indicate the end of the sending part of a stream, and \fBSSL_shutdown_ex\fR\|(3)
can be used to provide a QUIC application error code when closing a connection.
.PP
Regardless of the design decisions chosen above, it is recommended that new
applications avoid use of the default stream mode and use the multi-stream API
by calling \fBSSL_set_default_stream_mode\fR\|(3); see the MODES OF OPERATION section
for details.
.SH "QUIC-SPECIFIC APIS"
.IX Header "QUIC-SPECIFIC APIS"
This section details new APIs which are directly or indirectly related to QUIC.
For details on the operation of each API, see the referenced man pages.
.PP
The following SSL APIs are new but relevant to both QUIC and DTLS:
.IP \fBSSL_get_event_timeout\fR\|(3) 4
.IX Item "SSL_get_event_timeout"
Determines when the QUIC implementation should next be woken up via a call to
\&\fBSSL_handle_events\fR\|(3) (or another I/O function such as \fBSSL_read\fR\|(3) or
\&\fBSSL_write\fR\|(3)), if ever.
.Sp
This can also be used with DTLS and supersedes \fBDTLSv1_get_timeout\fR\|(3) for new
usage.
.IP \fBSSL_handle_events\fR\|(3) 4
.IX Item "SSL_handle_events"
This is a non-specific I/O operation which makes a best effort attempt to
perform any pending I/O or timeout processing. It can be used to advance the
QUIC state machine by processing incoming network traffic, generating outgoing
network traffic and handling any expired timeout events. Most other I/O
functions on an SSL object, such as \fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3)
implicitly perform event handling on the SSL object, so calling this function is
only needed if no other I/O function is to be called.
.Sp
This can also be used with DTLS and supersedes \fBDTLSv1_handle_timeout\fR\|(3) for
new usage.
.PP
The following SSL APIs are specific to QUIC:
.IP "\fBSSL_set_blocking_mode\fR\|(3), \fBSSL_get_blocking_mode\fR\|(3)" 4
.IX Item "SSL_set_blocking_mode, SSL_get_blocking_mode"
Configures whether blocking semantics are used at the application level. This
determines whether calls to functions such as \fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3)
will block.
.IP "\fBSSL_get_rpoll_descriptor\fR\|(3), \fBSSL_get_wpoll_descriptor\fR\|(3)" 4
.IX Item "SSL_get_rpoll_descriptor, SSL_get_wpoll_descriptor"
These functions facilitate operation in nonblocking mode.
.Sp
When an SSL object is being used with an underlying network read BIO which
supports polling, \fBSSL_get_rpoll_descriptor\fR\|(3) outputs an OS resource which
can be used to synchronise on network readability events which should result in
a call to \fBSSL_handle_events\fR\|(3). \fBSSL_get_wpoll_descriptor\fR\|(3) works in an
analogous fashion for the underlying network write BIO.
.Sp
The poll descriptors provided by these functions need only be used when
\&\fBSSL_net_read_desired\fR\|(3) and \fBSSL_net_write_desired\fR\|(3) return 1, respectively.
.IP "\fBSSL_net_read_desired\fR\|(3), \fBSSL_net_write_desired\fR\|(3)" 4
.IX Item "SSL_net_read_desired, SSL_net_write_desired"
These functions facilitate operation in nonblocking mode and are used in
conjunction with \fBSSL_get_rpoll_descriptor\fR\|(3) and
\&\fBSSL_get_wpoll_descriptor\fR\|(3) respectively. They determine whether the
respective poll descriptor is currently relevant for the purposes of polling.
.IP \fBSSL_set1_initial_peer_addr\fR\|(3) 4
.IX Item "SSL_set1_initial_peer_addr"
This function can be used to set the initial peer address for an outgoing QUIC
connection. This function must be used in the general case when creating an
outgoing QUIC connection; however, the correct initial peer address can be
autodetected in some cases. See \fBSSL_set1_initial_peer_addr\fR\|(3) for details.
.IP \fBSSL_shutdown_ex\fR\|(3) 4
.IX Item "SSL_shutdown_ex"
This augments \fBSSL_shutdown\fR\|(3) by allowing an application error code to be
specified. It also allows a client to decide how quickly it wants a shutdown to
be performed, potentially by trading off strict RFC compliance.
.IP \fBSSL_stream_conclude\fR\|(3) 4
.IX Item "SSL_stream_conclude"
This allows an application to indicate the normal end of the sending part of a
QUIC stream. This corresponds to the FIN flag in the QUIC RFC. The receiving
part of a stream remains usable.
.IP \fBSSL_stream_reset\fR\|(3) 4
.IX Item "SSL_stream_reset"
This allows an application to indicate the non-normal termination of the sending
part of a stream. This corresponds to the RESET_STREAM frame in the QUIC RFC.
.IP "\fBSSL_get_stream_write_state\fR\|(3) and \fBSSL_get_stream_read_state\fR\|(3)" 4
.IX Item "SSL_get_stream_write_state and SSL_get_stream_read_state"
This allows an application to determine the current stream states for the
sending and receiving parts of a stream respectively.
.IP "\fBSSL_get_stream_write_error_code\fR\|(3) and \fBSSL_get_stream_read_error_code\fR\|(3)" 4
.IX Item "SSL_get_stream_write_error_code and SSL_get_stream_read_error_code"
This allows an application to determine the application error code which was
signalled by a peer which has performed a non-normal stream termination of the
respective sending or receiving part of a stream, if any.
.IP \fBSSL_get_conn_close_info\fR\|(3) 4
.IX Item "SSL_get_conn_close_info"
This allows an application to determine the error code which was signalled when
the local or remote endpoint terminated the QUIC connection.
.IP \fBSSL_get0_connection\fR\|(3) 4
.IX Item "SSL_get0_connection"
Gets the QUIC connection SSL object from a QUIC stream SSL object.
.IP \fBSSL_is_connection\fR\|(3) 4
.IX Item "SSL_is_connection"
Returns 1 if a SSL object is not a QUIC stream SSL object.
.IP \fBSSL_get_stream_type\fR\|(3) 4
.IX Item "SSL_get_stream_type"
Provides information on the kind of QUIC stream which is attached
to the SSL object.
.IP \fBSSL_get_stream_id\fR\|(3) 4
.IX Item "SSL_get_stream_id"
Returns the QUIC stream ID which the QUIC protocol has associated with a QUIC
stream.
.IP \fBSSL_new_stream\fR\|(3) 4
.IX Item "SSL_new_stream"
Creates a new QUIC stream SSL object representing a new, locally-initiated QUIC
stream.
.IP \fBSSL_accept_stream\fR\|(3) 4
.IX Item "SSL_accept_stream"
Potentially yields a new QUIC stream SSL object representing a new
remotely-initiated QUIC stream, blocking until one is available if the
connection is configured to do so.
.IP \fBSSL_get_accept_stream_queue_len\fR\|(3) 4
.IX Item "SSL_get_accept_stream_queue_len"
Provides information on the number of pending remotely-initiated streams.
.IP \fBSSL_set_incoming_stream_policy\fR\|(3) 4
.IX Item "SSL_set_incoming_stream_policy"
Configures how incoming, remotely-initiated streams are handled. The incoming
stream policy can be used to automatically reject streams created by the peer,
or allow them to be handled using \fBSSL_accept_stream\fR\|(3).
.IP \fBSSL_set_default_stream_mode\fR\|(3) 4
.IX Item "SSL_set_default_stream_mode"
Used to configure or disable default stream mode; see the MODES OF OPERATION
section for details.
.PP
The following BIO APIs are not specific to QUIC but have been added to
facilitate QUIC-specific requirements and are closely associated with its use:
.IP \fBBIO_s_dgram_pair\fR\|(3) 4
.IX Item "BIO_s_dgram_pair"
This is a new BIO method which is similar to a conventional BIO pair but
provides datagram semantics.
.IP "\fBBIO_get_rpoll_descriptor\fR\|(3), \fBBIO_get_wpoll_descriptor\fR\|(3)" 4
.IX Item "BIO_get_rpoll_descriptor, BIO_get_wpoll_descriptor"
This is a new BIO API which allows a BIO to expose a poll descriptor. This API
is used to implement the corresponding SSL APIs \fBSSL_get_rpoll_descriptor\fR\|(3)
and \fBSSL_get_wpoll_descriptor\fR\|(3).
.IP "\fBBIO_sendmmsg\fR\|(3), \fBBIO_recvmmsg\fR\|(3)" 4
.IX Item "BIO_sendmmsg, BIO_recvmmsg"
This is a new BIO API which can be implemented by BIOs which implement datagram
semantics. It is implemented by \fBBIO_s_datagram\fR\|(3) and \fBBIO_s_dgram_pair\fR\|(3).
It is used by the QUIC implementation to send and receive UDP datagrams.
.IP "\fBBIO_dgram_set_no_trunc\fR\|(3), \fBBIO_dgram_get_no_trunc\fR\|(3)" 4
.IX Item "BIO_dgram_set_no_trunc, BIO_dgram_get_no_trunc"
By default, \fBBIO_s_dgram_pair\fR\|(3) has semantics comparable to those of Berkeley
sockets being used with datagram semantics. This allows an alternative mode
to be enabled in which datagrams will not be silently truncated if they are
too large.
.IP "\fBBIO_dgram_set_caps\fR\|(3), \fBBIO_dgram_get_caps\fR\|(3)" 4
.IX Item "BIO_dgram_set_caps, BIO_dgram_get_caps"
These functions are used to allow the user of one end of a
\&\fBBIO_s_dgram_pair\fR\|(3) to indicate its capabilities to the other end of a
\&\fBBIO_s_dgram_pair\fR\|(3). In particular, this allows an application to inform the
QUIC implementation of whether it is prepared to handle local and/or peer
addresses in transmitted datagrams and to provide the applicable information in
received datagrams.
.IP "\fBBIO_dgram_get_local_addr_cap\fR\|(3), \fBBIO_dgram_set_local_addr_enable\fR\|(3), \fBBIO_dgram_get_local_addr_enable\fR\|(3)" 4
.IX Item "BIO_dgram_get_local_addr_cap, BIO_dgram_set_local_addr_enable, BIO_dgram_get_local_addr_enable"
Local addressing support refers to the ability of a BIO with datagram semantics
to allow a source address to be specified on transmission and to report the
destination address on reception. These functions can be used to determine if a
BIO can support local addressing and to enable local addressing support if it
can.
.IP \fBBIO_err_is_non_fatal\fR\|(3) 4
.IX Item "BIO_err_is_non_fatal"
This is used to determine if an error while calling \fBBIO_sendmmsg\fR\|(3) or
\&\fBBIO_recvmmsg\fR\|(3) is ephemeral in nature, such as "would block" errors.
.SH "THREAD ASSISTED MODE"
.IX Header "THREAD ASSISTED MODE"
The optional thread assisted mode can be used with
\&\fBOSSL_QUIC_client_thread_method\fR\|(3). In this mode, a background thread is
created automatically. The OpenSSL QUIC implementation then takes responsibility
for ensuring that timeout events are handled on a timely basis even if no SSL
I/O function such as \fBSSL_read\fR\|(3) or \fBSSL_write\fR\|(3) is called by the
application for a long time.
.PP
All necessary locking is handled automatically internally, but the thread safety
guarantees for the public SSL API are unchanged. Therefore, an application must
still do its own locking if it wishes to make concurrent use of the public SSL
APIs.
.PP
Because this method relies on threads, it is not available on platforms where
threading support is not available or not supported by OpenSSL. However, it
does provide the simplest mode of usage for an application.
.PP
The implementation may or may not use a common thread or thread pool to service
multiple SSL objects in the same \fBSSL_CTX\fR.
.SH "APPLICATION-DRIVEN EVENT LOOPS"
.IX Header "APPLICATION-DRIVEN EVENT LOOPS"
OpenSSL's QUIC implementation is designed to facilitate applications which wish
to use the SSL APIs in a blocking fashion, but is also designed to facilitate
applications which wish to use the SSL APIs in a nonblocking fashion and manage
their own event loops and polling directly. This is useful when it is desirable
to host OpenSSL's QUIC implementation on top of an application's existing
nonblocking I/O infrastructure.
.PP
This is supported via the concept of poll descriptors; see
\&\fBBIO_get_rpoll_descriptor\fR\|(3) for details. Broadly, a \fBBIO_POLL_DESCRIPTOR\fR is
a structure which expresses some kind of OS resource which can be used to
synchronise on I/O events. The QUIC implementation provides a
\&\fBBIO_POLL_DESCRIPTOR\fR based on the poll descriptor provided by the underlying
network BIO. This is typically an OS socket handle, though custom BIOs could
choose to implement their own custom poll descriptor format.
.PP
Broadly, an application which wishes to manage its own event loop should
interact with the SSL object as follows:
.IP \(bu 4
It should provide read and write BIOs with nonblocking datagram semantics to
the SSL object using \fBSSL_set0_rbio\fR\|(3) and \fBSSL_set0_wbio\fR\|(3). This could be
a BIO abstracting a network socket such as \fBBIO_s_datagram\fR\|(3), or a BIO
abstracting some kind of memory buffer such as \fBBIO_s_dgram_pair\fR\|(3). Use of a
custom BIO is also possible.
.IP \(bu 4
It should configure the SSL object into nonblocking mode by calling
\&\fBSSL_set_blocking_mode\fR\|(3).
.IP \(bu 4
It should configure the SSL object as desired, set an initial peer as needed
using \fBSSL_set1_initial_peer_addr\fR\|(3), and trigger the connection process by
calling \fBSSL_connect\fR\|(3).
.IP \(bu 4
If the network read and write BIOs provided were pollable (for example,
a \fBBIO_s_datagram\fR\|(3), or a custom BIO which implements
\&\fBBIO_get_rpoll_descriptor\fR\|(3) and \fBBIO_get_wpoll_descriptor\fR\|(3)), it should
perform the following steps repeatedly:
.RS 4
.IP \(bu 4
The application should call \fBSSL_get_rpoll_descriptor\fR\|(3) and
\&\fBSSL_get_wpoll_descriptor\fR\|(3) to identify OS resources which can be used for
synchronisation.
.IP \(bu 4
It should call \fBSSL_net_read_desired\fR\|(3) and \fBSSL_net_write_desired\fR\|(3) to determine
whether the QUIC implementation is currently interested in readability and
writability events on the underlying network BIO which was provided, and call
\&\fBSSL_get_event_timeout\fR\|(3) to determine if any timeout event will become
applicable in the future.
.IP \(bu 4
It should wait until one of the following events occurs:
.RS 4
.IP \(bu 4
The poll descriptor returned by \fBSSL_get_rpoll_descriptor\fR\|(3) becomes readable
(if \fBSSL_net_read_desired\fR\|(3) returned 1);
.IP \(bu 4
The poll descriptor returned by \fBSSL_get_wpoll_descriptor\fR\|(3) becomes writable
(if \fBSSL_net_write_desired\fR\|(3) returned 1);
.IP \(bu 4
The timeout returned by \fBSSL_get_event_timeout\fR\|(3) (if any) expires.
.RE
.RS 4
.Sp
Once any of these events occurs, \fBSSL_handle_events\fR\|(3) should be called.
.RE
.RE
.RS 4
.RE
.IP \(bu 4
If the network read and write BIOs provided were not pollable (for example, in
the case of \fBBIO_s_dgram_pair\fR\|(3)), the application is responsible for managing
and synchronising network I/O. It should call \fBSSL_handle_events\fR\|(3) after it
writes data to a \fBBIO_s_dgram_pair\fR\|(3) or otherwise takes action so that the
QUIC implementation can read new datagrams via a call to \fBBIO_recvmmsg\fR\|(3) on
the underlying network BIO. The QUIC implementation may output datagrams via a
call to \fBBIO_sendmmsg\fR\|(3) and the application is responsible for ensuring these
are transmitted.
.Sp
The application must call \fBSSL_get_event_timeout\fR\|(3) after every call to
\&\fBSSL_handle_events\fR\|(3) (or another I/O function on the SSL object), and ensure
that a call to \fBSSL_handle_events\fR\|(3) is performed after the specified timeout
(if any).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_handle_events\fR\|(3), \fBSSL_get_event_timeout\fR\|(3),
\&\fBSSL_net_read_desired\fR\|(3), \fBSSL_net_write_desired\fR\|(3),
\&\fBSSL_get_rpoll_descriptor\fR\|(3), \fBSSL_get_wpoll_descriptor\fR\|(3),
\&\fBSSL_set_blocking_mode\fR\|(3), \fBSSL_shutdown_ex\fR\|(3),
\&\fBSSL_set1_initial_peer_addr\fR\|(3), \fBSSL_stream_conclude\fR\|(3),
\&\fBSSL_stream_reset\fR\|(3), \fBSSL_get_stream_read_state\fR\|(3),
\&\fBSSL_get_stream_read_error_code\fR\|(3), \fBSSL_get_conn_close_info\fR\|(3),
\&\fBSSL_get0_connection\fR\|(3), \fBSSL_get_stream_type\fR\|(3), \fBSSL_get_stream_id\fR\|(3),
\&\fBSSL_new_stream\fR\|(3), \fBSSL_accept_stream\fR\|(3),
\&\fBSSL_set_incoming_stream_policy\fR\|(3), \fBSSL_set_default_stream_mode\fR\|(3)
.SH COPYRIGHT
.IX Header "COPYRIGHT"
Copyright 2022\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.