It looks like the #OpenSSL QUIC API might be supported in the coming #ngtcp2 1.12.0 release:
https://github.com/ngtcp2/ngtcp2/pull/1582
This could be exciting for #curl users building with #OpenSSL ...

#OpenSSL -- Now is the time to nominate for the Technical Advisory Committees (TACs)
https://github.com/openssl/openssl/discussions/27326
From #OpenSSL -- Recent discussions in openssl/openssl, category: announcements
testssl.sh (3.2rc4) has now a client simulation for #OpenSSL 3.5.0:
Wednesday: Break-in at US banking regulator, TSMC faces billion-dollar fine over Huawei
Banking regulator spied on + fine after export ban + new FreeDOS version + hands-on with the Commandos game + OpenSSL with post-quantum algorithms + Bit-Rauschen
#OpenSSL 3.5.0 (#LTS) has been released (#SSL / #TLS) https://openssl-library.org/
OpenSSL 3.5.0 now includes post-quantum algorithms
With the new LTS version 3.5.0, OpenSSL adds the post-quantum algorithms ML-KEM, ML-DSA and SLH-DSA to its library.
#OpenSSL 3.5 Released with Support for PQC Algorithms, Server-Side QUIC, and More https://9to5linux.com/openssl-3-5-released-with-support-for-pqc-algorithms-server-side-quic
Released: #swad v0.1
Looking for a simple way to add #authentication to your #nginx reverse proxy? Then swad *could* be for you!
swad is the "Simple Web Authentication Daemon", written in pure #C (+ #POSIX) with almost no external dependencies. #TLS support requires #OpenSSL (or #LibreSSL). It's designed to work with nginx' "auth_request" module and offers authentication using a #cookie and a login form.
Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: #PAM. But as PAM already allows pretty flexible configuration, I already consider this pretty useful.
If you want to know more, read here:
https://github.com/Zirias/swad
Trying out the Post-Quantum TLS feature (called ML-KEM) in #OpenSSL 3.5-beta1 and #Tor was a success!
The experiment is using the same setup as we did with #BoringSSL back when they enabled the Kyber768/x25519 TLS 1.3 group: we use a Tor binary, compiled against a PQC-enabled lib(ssl|crypto), to run a Bridge Server locally and connect a local Bridge Client to the server.
The branch used for this experiment is available from https://gitlab.torproject.org/ahf/tor/-/commits/ahf/openssl-3.5-pqc-experiments
Lo and behold, #OpenSSL 3.5 (their upcoming LTS release) will come out here at the beginning of April, and it does indeed support some of these hybrid PQC schemes. Their recent beta2 announcement can be read here: https://openssl-library.org/post/2025-03-25-openssl-3.5-beta/ and their roadmap is at https://openssl-library.org/roadmap/index.html
Very excited by this work. Big kudos to the OpenSSL Team here! Already planning on giving this a spin with the C implementation of #Tor later this week to see how it goes!
Friend @Computer I streamlined multiple levels of security by trouble shooting them. Our new security posture eliminates treacherous "defense in depth" wasted and disloyal effort. (This repeats earlier work that fixed #valgrind runs on #openssl, and of course recent similar improvements carried out by #doge_doofus)
#OpenSSL will get the now standardized post-quantum cryptography algorithms (ML-KEM, ML-DSA, SLH-DSA) in 3.5 (planned release date is 2025-04-08):
https://openssl-library.org/post/2025-02-04-release-announcement-3.5/
This will include X25519MLKEM768, and will be enabled and preferred by default:
https://mailarchive.ietf.org/arch/msg/tls/g9sagkuAu8KlWpmJ30YdXbga5Xg/
There was another #OpenSSL update: the QUIC API now offers 0-RTT support and they say this will be part of what ships in 3.5:
"One of the most significant highlights of #Postfix 3.10 is its forward compatibility with OpenSSL 3.5 post-quantum #cryptography. Administrators can manage algorithm selection directly through the new “tls_eecdh_auto_curves” and “tls_ffdhe_auto_groups” parameters. By setting these parameter values to empty, Postfix effectively defers the algorithm selection to #OpenSSL’s own configuration."
https://linuxiac.com/postfix-3-10-mta-arrives-with-openssl-3-5-support/
Yes! I've finally set up a CA structure in my home LAN and no longer get annoying self-signed warnings. And no Let's Encrypt or tool involved, pure #OpenSSL.
Postfix 3.10 released with support for OpenSSL 3.5 post-quantum cryptography and for the TLSRPT protocol, logging changes
Let me explain the #OpenSSL #QUIC API move and what it might mean. For #curl and for others.
https://daniel.haxx.se/blog/2025/02/16/openssl-does-a-quic-api/
An #ngtcp2 lead developer told me they have no current plans to adapt to the new #OpenSSL #QUIC API because of its lack of 0RTT support and the "pull model".
Of course someone else can go ahead and write it and ideally someone from #OpenSSL does it, for dogfooding purposes.
I have not heard of any other QUIC stack either having adapted to it yet.