A rough timeline of QUIC support in OpenSSL-like libraries:
-
BoringSSL implements QUIC.
-
Quiche, a QUIC library, requires BoringSSL. Nginx can be patched to use Quiche for HTTP/3.
-
Nginx’s experimental QUIC branch (nginx-quic) is released. It requires BoringSSL.
-
Some organizations (mostly Akamai) fork OpenSSL to implement the BoringSSL QUIC API, calling their fork QuicTLS. They plan to upstream changes.
-
nginx-quic supports building with QuicTLS too.
-
OpenSSL decides against the BoringSSL API and declines QuicTLS patches, preferring to write their own incompatible implementation.
-
LibreSSL implements the BoringSSL QUIC API.
-
nginx-quic can link against LibreSSL as well as BoringSSL and QuicTLS; they all use similar APIs.
(I believe wolfSSL is mostly compatible with the BoringSSL QUIC API, but I might be wrong.)
Developers will have a harder time supporting multiple TLS implementations, hurting the viability of e.g. LibreSSL-based distributions.