Note this is a blog post from 2021, which should be added to the title. The information included is out of date by several years now.<p>OpenSSL has done stuff with QUIC since then, a cursory search turned up this README in their main repo on using QUIC and OpenSSL: <a href="https://github.com/openssl/openssl/blob/master/README-QUIC.md">https://github.com/openssl/openssl/blob/master/README-QUIC.m...</a>
As an HTTP server author, this doesn't surprise me.<p>We've ceded HTTP specification development to the big guys, and in so doing have made it more or less impossible to implement without resources on their scale. Have you looked at RFC 9000 et al? They're <i>monstrously</i> big, far larger than most independent shops could ever hope to economically pull off. The only way to comprehensively implement something of that scale is to have Google level resources to throw entire teams of engineers and years of focus at it.<p>I've long said that any protocol worthy of being foundational should be reasonably implementable as a fourth-year term project. It doesn't have to be production ready or ergonomic or even generally useful, but if a group of fourth year CS students can't pull an end-to-end implementation together in a semester, the protocol is just too complex. It's not perfect, but it's as good of a yardstick as I've found.<p>HTTP/1 passes this test easily; you can make a working version of it in about ninety seconds right in your terminal. HTTP/2 looks intimidating at first glance, but it's so much better specified than HTTP/1 that it's almost easier to get to a reasonable implementation. HTTP/3 on the other hand is...... well, weeks (if not months) of work just to get a QUIC foundation working reasonably well enough that you could hope to start iterating on connections from a 'real' peer, and THEN you have to start on RFC 9114. Not to mention that the way it's structured you end up doing most of that work in the dark, hoping that you line everything up just so so that your first Hello World actually works. It's a way of working that is completely at odds with the hacker ethos that the best foundational protocols have in spades, and ends up looking and acting like what it is: a tool by the big guys, for the big guys. The rest of the internet need not apply.
Just recently apt listchanges informed me that "curl" (the binary) switched to gnuTLS to support HTTP3 (libcurl remained on openSSL for compatibility). So I assume this is still not fully resolved.