I'm worried we'll end up with compatibility issues again, just like with the previous version bumps. Ultimately I prefer staying with gnutls where supported.
​​​

Rust is bout as retarded as Donal Trump

Rust isnt as secure as you think it is

Google seems to think so, they're hiring the guy who work to integrate Rust into the Linux kernel to work on that because they believe it will improve the security of Linux, Chrome OS and Android.

Microsoft seems to think so, they're employing Rust in the Windows kernel.

In general, it is easier to write safe code in Rust then in C. You need to know less because it simply doesn't allow you to do everything.

The rust documentation describes the issues:


It is certainly possible to write safe code in C++ too. I did it for years and I am pretty confident that most of my programs were safe and sound, some of them running for years in server environments without issues. A little tool that was installed on all domain controllers of a huge company survived a couple of audits without any real findings.

But when you develop in C and C++ you certainly have to know more and have to be more careful. And you still make mistakes sometimes. Those languages allow all kinds of crazy things and there are features in the language, that allow you to write really obfuscated code.

Rust does it better and simply forces the developer to do things a certain way. And while this may sound bad, it actually is a good thing. It doesn't allow you to shoot you in foot. So, Rust is IMHO safer than C or C++.

QUIC is a different layer outside of OpenSSL's concern. OpenSSL is about TLS, not about HTTP or TCP or UDP. Other libraries will probably implement QUIC using OpenSSL to provide their TLS stack, but it's not their job to worry about it.

Yes, but it requires changes in OpenSSL for it to work. I do not know the details though. There is a PR ready for it but it's being stalled for some reason. Some projects even switched to Google's version of OpenSSL the BoringSSL. (eg. nginx)

Ahh, okay, reading through all the documentation, it looks like QUIC uses an odd variant of TLS 1.3 that really should have been called TLS 1.4, to get working that OpenSSL 3 wasn't ready to support, given Google, and other implementors', histories of changing specs at the last minute. I imagine that support will be dropped in soon now that we have a final version of HTTP 3, with an actual specification document, and not Google's rough approximations.