This release implements server-side path-probing (as described in section 9 of RFC 9000): [#4932], [#4933], [#4935], [#4938], [#4939], [#4940], [#4941], [#4944], [#4947], [#4959].

When the server receives a packet for an existing connection from a different IP address / port, it first needs to probe the new path before it can send packets on that path. This happens when the client experiences a NAT rebinding, and when the client attempts to migrate the connection to a new path. Previous versions of quic-go would accept the packets from the new path, but never switch to the new path.

Note that the client side connection migration logic (#234) is not yet implemented in quic-go (but we're working on it!).
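A simplified model of the probing step described above, as an added example (not quic-go's code): `pathTracker` and its methods are hypothetical names, and the addresses are constructed. The server treats a new address as usable only after the 8 bytes of PATH_CHALLENGE data it sent there come back in a PATH_RESPONSE, so a forged source address alone cannot redirect traffic.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net/netip"
)

// pathTracker: hypothetical, simplified model of RFC 9000 section 9 path validation.
type pathTracker struct {
	validated map[netip.AddrPort]bool    // paths the server may send on
	pending   map[netip.AddrPort][8]byte // outstanding PATH_CHALLENGE data per path
}

func newPathTracker(initial netip.AddrPort) *pathTracker {
	return &pathTracker{map[netip.AddrPort]bool{initial: true}, map[netip.AddrPort][8]byte{}}
}

// onPacket: a source that is neither validated nor already probed gets fresh challenge data.
func (p *pathTracker) onPacket(from netip.AddrPort) (data [8]byte, probe bool, err error) {
	if _, inFlight := p.pending[from]; p.validated[from] || inFlight {
		return data, false, nil
	}
	if _, err = rand.Read(data[:]); err != nil {
		return data, false, err
	}
	p.pending[from] = data
	return data, true, nil
}

// onPathResponse validates the path whose challenge data was echoed, on whatever path it arrives.
func (p *pathTracker) onPathResponse(data [8]byte) (netip.AddrPort, bool) {
	for path, want := range p.pending {
		if want == data {
			delete(p.pending, path)
			p.validated[path] = true
			return path, true
		}
	}
	return netip.AddrPort{}, false
}

func main() {
	old, rebound := netip.MustParseAddrPort("192.0.2.10:50000"), netip.MustParseAddrPort("192.0.2.10:61234") // constructed
	p := newPathTracker(old)
	data, probe, _ := p.onPacket(rebound)
	fmt.Println("probe sent:", probe, "may send before response:", p.validated[rebound])
	_, ok := p.onPathResponse(data)
	fmt.Println("validated:", ok, "may send after response:", p.validated[rebound])
}
```

A real implementation also retransmits the challenge on a timer and limits how much it sends to an unvalidated address; both are left out of this model.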

Major Changes

  • use the new crypto/tls 0-RTT API that we helped design in 2023: [#4953]
  • use a ringbuffer to store received packets, significantly reducing memory consumption: [#4929]
  • according to our Go version policy, we removed support for Go 1.22. quic-go now requires Go 1.23 or Go 1.24: [#4880]
  • the connection timer logic was refactored, enabling future changes to this code path: [#4927]

Other Fixes

  • fix busy-looping when pacing packets and the send queue blocks: [#4943]
  • don't drop undecryptable packets when deriving 2 sets of keys at the same time (i.e. when resuming a 0-RTT connection): [#4950]

Go 1.24 FIPS 140-3 Caveats

Go 1.24 made several changes related to FIPS 140-3 compliance. Among others, it introduced a fips-only mode (enabled by setting GODEBUG="fips140=only").

It is not possible to use quic-go in fips-only mode, since the QUIC RFC requires initializing an AES GCM cipher with a fixed nonce, which is considered unsafe according to FIPS 140-3, or at least the Go team's interpretation thereof. See https://github.com/quic-go/quic-go/issues/4894 and the discussion on Go issue [#69536].

Before v0.50.0, quic-go would initialize the AES cipher on init, leading to a panic when using fips-only mode. For v0.50.0 we changed this behavior to lazy initialization (https://github.com/quic-go/quic-go/pull/4916). Note that this still means it's not possible to use QUIC in fips-only mode.

Changelog

Full Changelog: https://github.com/quic-go/quic-go/compare/v0.49.0...v0.50.0

Source: README.md, updated 2025-02-20