Design¶
Sans-IO APIs¶
Both the QUIC and the HTTP/3 APIs follow the sans I/O pattern, leaving actual I/O operations to the API user. This approach has a number of advantages including making the code testable and allowing integration with different concurrency models.
TLS and encryption¶
TLS 1.3¶
aioquic
features a minimal TLS 1.3 implementation built upon the
cryptography library. This is because QUIC requires some APIs which are
currently unavailable in mainstream TLS implementations such as OpenSSL:
the ability to extract traffic secrets
the ability to operate directly on TLS messages, without using the TLS record layer
Header protection and payload encryption¶
QUIC makes extensive use of cryptographic operations to protect QUIC packet headers and encrypt packet payloads. These operations occur for every single packet and are a determining factor for performance. For this reason, they are implemented as a C extension linked to OpenSSL.