[GH-ISSUE #2137] Introduce TlsConnect and QuicConnect trait to be more flexible #896

Closed
opened 2026-03-16 00:47:27 +03:00 by kerem · 4 comments

Originally created by @zh-jq-b on GitHub (Feb 6, 2024).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2137

Is your feature request related to a problem? Please describe.

The TLS connect code should be the same for DoT and DoH: for DoT we have rustls / openssl / native-tls support, but for DoH we only have rustls support. This should be changed to allow more flexible selection of TLS libraries and versions.

And the TLS connect code is simple and has little to do with the DNS code, so it should be split out to avoid unnecessary major version bumps when the TLS crate releases a new major version.

Describe the solution you'd like

We should add a TlsConnect trait, which will convert a TcpStream into a TlsStream<TcpStream>, and use separate crates such as hickory-rustls, hickory-openssl and hickory-native-tls to provide impls; it wouldn't be too much work for users to add new impls when they want to use a new TLS crate or need to update rustls to a new version.

We should add a QuicConnect trait to create the h3 SendRequest<_> and also poll the close of the connection. The use of the h3_quinn crate can be split into a hickory-quinn crate, and users can use their own h3 QUIC backend crates as long as they use the same h3 major version.

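To make the proposed boundary concrete, here is an added example written by the editor; it is not hickory-dns code and none of these names (TlsConnect, DotClient, RecordingConnect, MemTransport, dns.example) exist in the project. To run without tokio or a TLS crate, the trait is synchronous and generic over any `Read + Write` transport rather than fixed to `TcpStream`, and the "backend" performs no cryptography: it only records the server name it was asked to validate. The length-prefixed framing is real DNS-over-TLS (RFC 7858); the query and reply bytes are constructed stand-ins.

```rust
use std::cell::RefCell;
use std::io::{self, Cursor, Read, Write};
use std::rc::Rc;

/// Backend-agnostic boundary in the spirit of the proposed `TlsConnect`:
/// wrap a plain transport in a TLS session. The server name is part of the
/// contract so every backend validates SNI and the certificate against the
/// same target; a swapped-in backend cannot skip it by accident.
pub trait TlsConnect<S: Read + Write> {
    type Stream: Read + Write;
    fn connect(&self, server_name: &str, transport: S) -> io::Result<Self::Stream>;
}

/// DNS-over-TLS client. Framing follows RFC 7858: every message carries a
/// 2-byte big-endian length prefix. Nothing in this layer names a TLS crate.
pub struct DotClient<C> {
    connector: C,
    server_name: String,
}

impl<C> DotClient<C> {
    pub fn new(connector: C, server_name: &str) -> Self {
        DotClient { connector, server_name: server_name.to_string() }
    }

    /// Send one DNS message over a fresh session and return the reply body.
    pub fn query<S: Read + Write>(&self, transport: S, msg: &[u8]) -> io::Result<Vec<u8>>
    where
        C: TlsConnect<S>,
    {
        if msg.len() > u16::MAX as usize {
            return Err(io::Error::new(io::ErrorKind::InvalidInput, "DNS message exceeds 65535 bytes"));
        }
        let mut tls = self.connector.connect(&self.server_name, transport)?;
        tls.write_all(&(msg.len() as u16).to_be_bytes())?;
        tls.write_all(msg)?;
        tls.flush()?;
        let mut hdr = [0u8; 2];
        tls.read_exact(&mut hdr)?;
        let mut reply = vec![0u8; u16::from_be_bytes(hdr) as usize];
        tls.read_exact(&mut reply)?;
        Ok(reply)
    }
}

/// Stand-in for what a backend crate (hickory-rustls, hickory-openssl, ...)
/// would provide. It records the server name it was asked to validate and
/// refuses an empty one, mimicking a backend's SNI/certificate check.
pub struct RecordingConnect {
    pub seen_names: RefCell<Vec<String>>,
}

/// Plays the role of `TlsStream<S>`; here it just forwards bytes.
pub struct Passthrough<S>(S);

impl<S: Read> Read for Passthrough<S> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { self.0.read(buf) }
}
impl<S: Write> Write for Passthrough<S> {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> { self.0.write(buf) }
    fn flush(&mut self) -> io::Result<()> { self.0.flush() }
}

impl<S: Read + Write> TlsConnect<S> for RecordingConnect {
    type Stream = Passthrough<S>;
    fn connect(&self, server_name: &str, transport: S) -> io::Result<Passthrough<S>> {
        if server_name.is_empty() {
            return Err(io::Error::new(io::ErrorKind::InvalidInput, "refusing TLS connect without a server name"));
        }
        self.seen_names.borrow_mut().push(server_name.to_string());
        Ok(Passthrough(transport))
    }
}

/// Constructed in-memory stand-in for `TcpStream`: serves a canned reply
/// and collects everything the client writes, so no network is needed.
pub struct MemTransport {
    inbound: Cursor<Vec<u8>>,
    outbound: Rc<RefCell<Vec<u8>>>,
}
impl Read for MemTransport {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { self.inbound.read(buf) }
}
impl Write for MemTransport {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        self.outbound.borrow_mut().extend_from_slice(buf);
        Ok(buf.len())
    }
    fn flush(&mut self) -> io::Result<()> { Ok(()) }
}

/// One DoT exchange against a canned reply. Returns (bytes on the wire,
/// parsed reply body, server names the backend was asked to validate).
pub fn run_demo() -> io::Result<(Vec<u8>, Vec<u8>, Vec<String>)> {
    let query = [0x12, 0x34, 0x01, 0x00]; // constructed stand-in for a DNS query
    let canned_reply = vec![0x00, 0x04, 0x12, 0x34, 0x81, 0x80]; // length 4 + constructed body
    let wire = Rc::new(RefCell::new(Vec::new()));
    let transport = MemTransport { inbound: Cursor::new(canned_reply), outbound: Rc::clone(&wire) };
    let connector = RecordingConnect { seen_names: RefCell::new(Vec::new()) };
    let client = DotClient::new(connector, "dns.example"); // hypothetical resolver name
    let reply = client.query(transport, &query)?;
    let seen = client.connector.seen_names.borrow().clone();
    let written = wire.borrow().clone();
    Ok((written, reply, seen))
}

/// The boundary makes the check enforceable: a client built without a
/// server name cannot obtain a session from this backend.
pub fn rejects_empty_name() -> bool {
    let transport = MemTransport { inbound: Cursor::new(Vec::new()), outbound: Rc::new(RefCell::new(Vec::new())) };
    let client = DotClient::new(RecordingConnect { seen_names: RefCell::new(Vec::new()) }, "");
    client.query(transport, &[0u8; 4]).is_err()
}

fn main() -> io::Result<()> {
    let (wire, reply, seen) = run_demo()?;
    println!("wire: {:02x?}\nreply: {:02x?}\nvalidated names: {:?}", wire, reply, seen);
    println!("empty server name rejected: {}", rejects_empty_name());
    Ok(())
}
```

The design point worth carrying into any real split: whatever crosses the trait boundary (server name, root store, ALPN) is the only thing the DNS layer can rely on being checked, so a backend abstraction that takes just a `TcpStream` and returns a `TlsStream` leaves certificate validation entirely to each backend crate's defaults. In hickory the stream would be async and the impls would wrap tokio-rustls, openssl or native-tls; the framing and the contract are the parts that stay the same.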
kerem closed this issue 2026-03-16 00:47:32 +03:00

@djc commented on GitHub (Feb 6, 2024):

What is the actual problem you're trying to solve?


@zh-jq-b commented on GitHub (Feb 7, 2024):

> What is the actual problem you're trying to solve?

First, to use other tls / quic backends such as boringssl or quiche.
Second, to be able to update the tls / quic backends independently.


@djc commented on GitHub (Feb 7, 2024):

Out of curiosity, can you give more context on why you/Bytedance want to use different TLS/QUIC backends?


@zh-jq-b commented on GitHub (Feb 8, 2024):

I have forked a variant-ssl crate from openssl, which adds support for Tongsuo and AWS-LC that won't be accepted by the openssl crate. So I don't want to have another openssl dependency.

We have been using rustls in the G3 project for all of the hickory features, but for this part it really takes a long time to wait when we want to update the version to 0.22 (rustls -> quinn -> h3_quinn -> hickory). I can disable the DoQ and DoH3 features for some time, but I don't want to disable the DoT and DoH features.

And we may also have to support TLCP (a TLS variant protocol that is officially promoted in China) in DoT and DoH, so we have to use Tongsuo or some other TLS crate in that case.
