Skip to content

Using BoringSSL

Noted by on his . Last updated . Changelog

Despite BoringSSL’s “not intended for general use” warning, it’s used by many projects:

  • The “ring” rust crate’s crypto primitives (used by Rustls)
  • Cloudflare: used everywhere, including Quiche.
  • Apple’s Secure Transport (it’s in both major mobile OSes!)
  • Optionally: Nginx, libcurl
  • (Update ) Apple’s SwiftNIO SSL
  • (Update ) AWS libcrypto is based on BoringSSL
  • (Update ) the Envoy proxy uses BoringSSL

I use nginx-quic with BoringSSL without issue, although I did have to use a separate script to manage the OCSP cache. The script manages the cache better than Nginx ever did, so I recommend it; it should be trivial to switch it from OpenSSL to LibreSSL.