vquic: drop support for OpenSSL-QUIC

- It is slower and uses more memory than the alternatives and is only experimental in curl. - We disable a few tests for OpenSSL-QUIC because of flakiness - It gets little attention from OpenSSL and we have no expectation of the major flaws getting corrected anytime soon. - No one has spoken up for keeping it - curl users building with vanilla OpenSSL can still use QUIC through the means of ngtcp2 Closes #20226
2026-01-18 17:21:26 +01:00 · 2026-01-17 22:49:28 +01:00
parent 6c31df453b
commit 6aaac9dd38
22 changed files with 17 additions and 2719 deletions
--- a/.github/workflows/http3-linux.yml
+++ b/.github/workflows/http3-linux.yml
@@ -439,21 +439,6 @@ jobs:
              -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON
              -DUSE_ECH=ON
          - name: 'openssl-quic'
            install_steps: skipall
            PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
            tflags: '--min=1640'
            configure: >-
              LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib
              --with-openssl=/home/runner/openssl/build --with-openssl-quic
          - name: 'openssl-quic'
            PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
            generate: >-
              -DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_OPENSSL_QUIC=ON
              -DCURL_DISABLE_LDAP=ON
              -DCMAKE_UNITY_BUILD=ON
          - name: 'quiche'
            install_steps: skipall
            PKG_CONFIG_PATH: /home/runner/nghttp2/build/lib/pkgconfig
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -232,7 +232,7 @@ jobs:
          - name: 'OpenSSL libssh'
            compiler: llvm@18
            install: libssh libnghttp3
-            generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
+            generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
          - name: '!ssl c-ares'
            compiler: clang
            configure: --enable-debug --enable-ares --without-ssl
@@ -330,19 +330,19 @@ jobs:
            compiler: clang
            install: libnghttp3
            install_steps: torture
-            generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON
+            generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
            tflags: '-t --shallow=25 --min=480 1 to 500'
          - name: 'OpenSSL torture 2'
            compiler: clang
            install: libnghttp3
            install_steps: torture
-            generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON
+            generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
            tflags: '-t --shallow=25 --min=730 501 to 1250'
          - name: 'OpenSSL torture 3'
            compiler: clang
            install: libnghttp3
            install_steps: torture
-            generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON
+            generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
            tflags: '-t --shallow=25 --min=628 1251 to 9999'
    steps:
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -200,7 +200,7 @@ jobs:
          - { build: 'autotools', sys: 'msys'      , env: 'x86_64'       , tflags: ''          , config: '--with-openssl', install: 'openssl-devel libssh2-devel', name: 'default R' }
          # MinGW
          - { build: 'autotools', sys: 'mingw64'   , env: 'x86_64'       , tflags: 'skiprun'   , config: '--enable-debug --with-openssl --disable-threaded-resolver --disable-curldebug --enable-static --without-zlib', install: 'mingw-w64-x86_64-openssl mingw-w64-x86_64-libssh2', name: 'default' }
-          - { build: 'autotools', sys: 'mingw64'   , env: 'x86_64'       , tflags: ''          , config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --with-openssl-quic --enable-static --disable-shared --enable-ca-native', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2', name: 'c-ares U' }
+          - { build: 'autotools', sys: 'mingw64'   , env: 'x86_64'       , tflags: ''          , config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --enable-static --disable-shared --enable-ca-native', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2', name: 'c-ares U' }
          - { build: 'cmake'    , sys: 'mingw64'   , env: 'x86_64'       , tflags: '--min=1650', config: '-DENABLE_DEBUG=ON  -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel c-ares U' }
          # MinGW torture
          - { build: 'cmake'    , sys: 'mingw64'   , env: 'x86_64'       , tflags: '-t --shallow=13 --min=700 1 to 950'   , config: '-DENABLE_DEBUG=ON  -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 1' }
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -686,11 +686,6 @@ else()
  set(_openssl_default ON)
 endif()
 cmake_dependent_option(CURL_USE_OPENSSL "Enable OpenSSL for SSL/TLS" ${_openssl_default} CURL_ENABLE_SSL OFF)
 option(USE_OPENSSL_QUIC "Use OpenSSL and nghttp3 libraries for HTTP/3 support" OFF)
 if(USE_OPENSSL_QUIC AND NOT CURL_USE_OPENSSL)
  message(WARNING "OpenSSL QUIC has been requested, but without enabling OpenSSL. Will not enable QUIC.")
  set(USE_OPENSSL_QUIC OFF)
 endif()
 option(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG "Disable automatic loading of OpenSSL configuration" OFF)
 curl_count_true(_enabled_ssl_options_count
@@ -959,7 +954,7 @@ endmacro()
 # Ensure that OpenSSL (or fork) or wolfSSL actually supports QUICTLS API.
 macro(curl_openssl_check_quic)
-  if(USE_OPENSSL AND NOT USE_OPENSSL_QUIC)
+  if(USE_OPENSSL)
    if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0)
      if(NOT DEFINED HAVE_SSL_SET_QUIC_TLS_CBS)
        curl_openssl_check_exists("SSL_set_quic_tls_cbs" HAVE_SSL_SET_QUIC_TLS_CBS)
@@ -1057,7 +1052,7 @@ if(USE_NGTCP2)
      find_package(NGTCP2 REQUIRED COMPONENTS "wolfSSL")
    elseif(HAVE_BORINGSSL OR HAVE_AWSLC)
      find_package(NGTCP2 REQUIRED COMPONENTS "BoringSSL")
-    elseif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0 AND NOT USE_OPENSSL_QUIC)
+    elseif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0)
      find_package(NGTCP2 REQUIRED COMPONENTS "ossl")
      if(NGTCP2_VERSION VERSION_LESS 1.12.0)
        message(FATAL_ERROR "ngtcp2 1.12.0 or upper required for OpenSSL")
@@ -1106,19 +1101,6 @@ if(USE_QUICHE)
  endif()
 endif()
 if(USE_OPENSSL_QUIC)
  if(USE_NGTCP2 OR USE_QUICHE)
    message(FATAL_ERROR "Only one HTTP/3 backend can be selected")
  elseif(CURL_WITH_MULTI_SSL)
    message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.")
  endif()
  find_package(OpenSSL 3.3.0 REQUIRED)
  find_package(NGHTTP3 REQUIRED)
  set(USE_NGHTTP3 ON)
  list(APPEND CURL_LIBS CURL::nghttp3)
 endif()
 if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP))
  set(USE_TLS_SRP 1)
 endif()
@@ -1991,7 +1973,7 @@ curl_add_if("NTLM"          NOT CURL_DISABLE_NTLM AND
                            (_use_curl_ntlm_core OR USE_WINDOWS_SSPI))
 curl_add_if("TLS-SRP"       USE_TLS_SRP)
 curl_add_if("HTTP2"         USE_NGHTTP2)
-curl_add_if("HTTP3"         USE_NGTCP2 OR USE_QUICHE OR USE_OPENSSL_QUIC)
+curl_add_if("HTTP3"         USE_NGTCP2 OR USE_QUICHE)
 curl_add_if("MultiSSL"      CURL_WITH_MULTI_SSL)
 curl_add_if("HTTPS-proxy"   NOT CURL_DISABLE_PROXY AND _ssl_enabled AND (USE_OPENSSL OR USE_GNUTLS
                            OR USE_SCHANNEL OR USE_RUSTLS OR USE_MBEDTLS OR
--- a/1
+++ b/1
@@ -77,7 +77,6 @@ For all changes ever done in curl:
 Planned upcoming removals include:
 o OpenSSL-QUIC
 o RTMP support
 o Support for c-ares versions before 1.16.0
 o Support for Windows XP/2003
--- a/configure.ac
+++ b/configure.ac
@@ -170,7 +170,7 @@ curl_unix_sockets_msg="no       (--enable-unix-sockets)"
         ssl_backends=
          curl_h1_msg="enabled  (internal)"
          curl_h2_msg="no       (--with-nghttp2)"
-          curl_h3_msg="no       (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-openssl-quic)"
+          curl_h3_msg="no       (--with-ngtcp2 --with-nghttp3, --with-quiche)"
 enable_altsvc="yes"
 hsts="yes"
@@ -3607,53 +3607,14 @@ if test "$USE_NGTCP2" = "1" && test "$WOLFSSL_ENABLED" = "1"; then
  fi
 fi
 dnl **********************************************************************
 dnl Check for OpenSSL QUIC
 dnl **********************************************************************
 OPT_OPENSSL_QUIC="no"
 if test "$disable_http" = "yes" || test "$OPENSSL_ENABLED" != "1"; then
  # without HTTP or without openssl, no use
  OPT_OPENSSL_QUIC="no"
 fi
 AC_ARG_WITH(openssl-quic,
 AS_HELP_STRING([--with-openssl-quic],[Enable OpenSSL QUIC usage])
 AS_HELP_STRING([--without-openssl-quic],[Disable OpenSSL QUIC usage]),
  [OPT_OPENSSL_QUIC=$withval])
 case "$OPT_OPENSSL_QUIC" in
  no)
    dnl --without-openssl-quic option used
    want_openssl_quic="no"
    ;;
  yes)
    dnl --with-openssl-quic option used
    want_openssl_quic="yes"
    ;;
 esac
 curl_openssl_quic_msg="no      (--with-openssl-quic)"
 if test "$want_openssl_quic" = "yes"; then
  if test "$USE_NGTCP2" = "1"; then
    AC_MSG_ERROR([--with-openssl-quic and --with-ngtcp2 are mutually exclusive])
  fi
  if test "$have_openssl_quic" != "1"; then
    AC_MSG_ERROR([--with-openssl-quic requires quic support and OpenSSL >= 3.3.0])
  fi
  AC_DEFINE(USE_OPENSSL_QUIC, 1, [if openssl QUIC is in use])
  USE_OPENSSL_QUIC=1
 fi
 dnl **********************************************************************
 dnl Check for nghttp3 (HTTP/3 with ngtcp2)
 dnl **********************************************************************
 OPT_NGHTTP3="yes"
-if test "$USE_NGTCP2" != "1" && test "$USE_OPENSSL_QUIC" != "1"; then
+if test "$USE_NGTCP2" != "1"; then
-  # without ngtcp2 or openssl quic, nghttp3 is of no use for us
+  # without ngtcp2, nghttp3 is of no use for us
  OPT_NGHTTP3="no"
  want_nghttp3="no"
 fi
@@ -3682,9 +3643,9 @@ esac
 curl_http3_msg="no      (--with-nghttp3)"
 if test "$want_nghttp3" != "no"; then
-  if test "$USE_NGTCP2" != "1" && test "$USE_OPENSSL_QUIC" != "1"; then
+  if test "x$USE_NGTCP2" != "x1"; then
-    # without ngtcp2 or openssl quic, nghttp3 is of no use for us
+    # without ngtcp2, nghttp3 is of no use for us
-    AC_MSG_ERROR([nghttp3 enabled without a QUIC library; enable ngtcp2 or OpenSSL-QUIC])
+    AC_MSG_ERROR([nghttp3 enabled without a QUIC library; enable ngtcp2])
  fi
  dnl backup the pre-nghttp3 variables
@@ -3753,17 +3714,6 @@ if test "$USE_NGTCP2" = "1" && test "$USE_NGHTTP3" = "1"; then
  curl_h3_msg="enabled (ngtcp2 + nghttp3)"
 fi
 dnl **********************************************************************
 dnl Check for OpenSSL and nghttp3 (HTTP/3 with nghttp3 using OpenSSL QUIC)
 dnl **********************************************************************
 if test "$USE_OPENSSL_QUIC" = "1" && test "$USE_NGHTTP3" = "1"; then
  experimental="$experimental HTTP3"
  USE_OPENSSL_H3=1
  AC_MSG_NOTICE([HTTP3 support is experimental])
  curl_h3_msg="enabled (openssl + nghttp3)"
 fi
 dnl **********************************************************************
 dnl Check for quiche (QUIC)
 dnl **********************************************************************
--- a/docs/DEPRECATE.md
+++ b/docs/DEPRECATE.md
@@ -16,21 +16,6 @@ how your use case cannot be satisfied properly using a workaround.
 In March 2026, we drop support for all c-ares versions before 1.16.0.
 ## OpenSSL-QUIC
 OpenSSL-QUIC is what we call the curl QUIC backend that uses the OpenSSL QUIC
 stack.
 - It is slower and uses more memory than the alternatives and is only
   experimental in curl.
 - It gets little attention from OpenSSL and we have no expectation of the
   major flaws getting corrected anytime soon.
 - No one has spoken up for keeping it
 - curl users building with vanilla OpenSSL can still use QUIC through the
   means of ngtcp2
 We remove the OpenSSL-QUIC backend in January 2026.
 ## RTMP
 RTMP in curl is powered by the 3rd party library librtmp.
@@ -71,3 +56,4 @@ CMake 3.18 was released on 2020-07-15.
 - Support for Visual Studio 2008 (removed in 8.18.0)
 - OpenSSL 1.1.1 and older (removed in 8.18.0)
 - Support for Windows XP (removed in 8.19.0)
 - OpenSSL-QUIC (removed in 8.19.0)
--- a/docs/HTTP3.md
+++ b/docs/HTTP3.md
@@ -250,54 +250,6 @@ Build curl:
 If `make install` results in `Permission denied` error, you need to prepend
 it with `sudo`.
 # OpenSSL version
 QUIC support is **EXPERIMENTAL**
 Use OpenSSL 3.3.1 or newer (QUIC support was added in 3.3.0, with
 shortcomings on some platforms like macOS). 3.4.1 or newer is recommended.
 Build via:
     % cd ..
     % git clone -b $OPENSSL_VERSION https://github.com/openssl/openssl
     % cd openssl
     % ./config enable-tls1_3 --prefix=<somewhere> --libdir=lib
     % make
     % make install
 Build nghttp3:
     % cd ..
     % git clone -b $NGHTTP3_VERSION https://github.com/ngtcp2/nghttp3
     % cd nghttp3
     % git submodule update --init
     % autoreconf -fi
     % ./configure --prefix=<somewhere2> --enable-lib-only
     % make
     % make install
 Build curl:
     % cd ..
     % git clone https://github.com/curl/curl
     % cd curl
     % autoreconf -fi
     % LDFLAGS="-Wl,-rpath,<somewhere>/lib" ./configure --with-openssl=<somewhere> --with-openssl-quic --with-nghttp3=<somewhere2>
     % make
     % make install
 You can build curl with cmake:
     % cd ..
     % git clone https://github.com/curl/curl
     % cd curl
     % cmake -B bld -DCURL_USE_OPENSSL=ON -DUSE_OPENSSL_QUIC=ON
     % cmake --build bld
     % cmake --install bld
 If `make install` results in `Permission denied` error, you need to prepend
 it with `sudo`.
 # `--http3`
 Use only HTTP/3:
--- a/docs/INSTALL-CMAKE.md
+++ b/docs/INSTALL-CMAKE.md
@@ -275,7 +275,6 @@ target_link_libraries(my_target PRIVATE CURL::libcurl)
 - `ENABLE_UNIX_SOCKETS`:                    Enable Unix domain sockets support. Default: `ON`
 - `USE_ECH`:                                Enable ECH support. Default: `OFF`
 - `USE_HTTPSRR`:                            Enable HTTPS RR support. Default: `OFF`
 - `USE_OPENSSL_QUIC`:                       Use OpenSSL and nghttp3 libraries for HTTP/3 support. Default: `OFF`
 - `USE_SSLS_EXPORT`:                        Enable experimental SSL session import/export. Default: `OFF`
 ## Disabling features
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -118,14 +118,12 @@ LIB_VTLS_HFILES =           \
 LIB_VQUIC_CFILES = \
  vquic/curl_ngtcp2.c   \
  vquic/curl_osslq.c   \
  vquic/curl_quiche.c   \
  vquic/vquic.c \
  vquic/vquic-tls.c
 LIB_VQUIC_HFILES = \
  vquic/curl_ngtcp2.h   \
  vquic/curl_osslq.h   \
  vquic/curl_quiche.h   \
  vquic/vquic.h    \
  vquic/vquic_int.h \
--- a/lib/curl_config-cmake.h.in
+++ b/lib/curl_config-cmake.h.in
@@ -749,9 +749,6 @@ ${SIZEOF_TIME_T_CODE}
 /* to enable quiche */
 #cmakedefine USE_QUICHE 1
 /* to enable openssl + nghttp3 */
 #cmakedefine USE_OPENSSL_QUIC 1
 /* to enable openssl + ngtcp2 + nghttp3 */
 #cmakedefine OPENSSL_QUIC_API2 1
--- a/lib/vquic/curl_osslq.c
+++ b/lib/vquic/curl_osslq.c
--- a/lib/vquic/curl_osslq.h
+++ b/lib/vquic/curl_osslq.h
@@ -1,51 +0,0 @@
 #ifndef HEADER_CURL_VQUIC_CURL_OSSLQ_H
 #define HEADER_CURL_VQUIC_CURL_OSSLQ_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/
 #include "../curl_setup.h"
 #if !defined(CURL_DISABLE_HTTP) && defined(USE_OPENSSL_QUIC) && \
  defined(USE_NGHTTP3)
 #ifdef HAVE_NETINET_UDP_H
 #include <netinet/udp.h>
 #endif
 struct Curl_cfilter;
 #include "../urldata.h"
 void Curl_osslq_ver(char *p, size_t len);
 CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf,
                              struct Curl_easy *data,
                              struct connectdata *conn,
                              const struct Curl_addrinfo *ai);
 bool Curl_conn_is_osslq(const struct Curl_easy *data,
                        const struct connectdata *conn,
                        int sockindex);
 #endif
 #endif /* HEADER_CURL_VQUIC_CURL_OSSLQ_H */
--- a/lib/vquic/vquic.c
+++ b/lib/vquic/vquic.c
@@ -36,7 +36,6 @@
 #include "../cfilters.h"
 #include "../curl_trc.h"
 #include "curl_ngtcp2.h"
 #include "curl_osslq.h"
 #include "curl_quiche.h"
 #include "../multiif.h"
 #include "../progress.h"
@@ -66,8 +65,6 @@ void Curl_quic_ver(char *p, size_t len)
 {
 #if defined(USE_NGTCP2) && defined(USE_NGHTTP3)
  Curl_ngtcp2_ver(p, len);
 #elif defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)
  Curl_osslq_ver(p, len);
 #elif defined(USE_QUICHE)
  Curl_quiche_ver(p, len);
 #endif
@@ -703,8 +700,6 @@ CURLcode Curl_cf_quic_create(struct Curl_cfilter **pcf,
  DEBUGASSERT(transport == TRNSPRT_QUIC);
 #if defined(USE_NGTCP2) && defined(USE_NGHTTP3)
  return Curl_cf_ngtcp2_create(pcf, data, conn, ai);
 #elif defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)
  return Curl_cf_osslq_create(pcf, data, conn, ai);
 #elif defined(USE_QUICHE)
  return Curl_cf_quiche_create(pcf, data, conn, ai);
 #else
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3652,11 +3652,7 @@ static CURLcode ossl_init_method(struct Curl_cfilter *cf,
      return CURLE_SSL_CONNECT_ERROR;
    }
 #ifdef USE_OPENSSL_QUIC
    *pmethod = OSSL_QUIC_client_method();
 #else
    *pmethod = TLS_method();
 #endif
    break;
  default:
    failf(data, "unsupported transport %d in SSL init", peer->transport);
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@@ -394,24 +394,5 @@ AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading o
    fi
  ])
  dnl ---
  dnl We may use OpenSSL QUIC.
  dnl ---
  AC_MSG_CHECKING([for QUIC support and OpenSSL >= 3.3])
  AC_LINK_IFELSE([
    AC_LANG_PROGRAM([[
      #include <openssl/ssl.h>
    ]],[[
      #if (OPENSSL_VERSION_NUMBER < 0x30300000L)
      #error need at least version 3.3.0
      #endif
      OSSL_QUIC_client_method();
    ]])
  ],[
    AC_MSG_RESULT([yes])
    have_openssl_quic=1
  ],[
    AC_MSG_RESULT([no])
  ])
 fi
 ])
--- a/tests/http/test_02_download.py
+++ b/tests/http/test_02_download.py
@@ -314,8 +314,6 @@ class TestDownload:
    # download, several at a time, pause and abort paused
    @pytest.mark.parametrize("proto", Env.http_protos())
    def test_02_23a_lib_abort_paused(self, env: Env, httpd, nghttpx, proto):
        if proto == 'h3' and env.curl_uses_ossl_quic():
            pytest.skip('OpenSSL QUIC fails here')
        if proto == 'h3' and env.ci_run and env.curl_uses_lib('quiche'):
            pytest.skip("fails in CI, but works locally for unknown reasons")
        count = 10
@@ -341,8 +339,6 @@ class TestDownload:
    # download, several at a time, abort after n bytes
    @pytest.mark.parametrize("proto", Env.http_protos())
    def test_02_23b_lib_abort_offset(self, env: Env, httpd, nghttpx, proto):
        if proto == 'h3' and env.curl_uses_ossl_quic():
            pytest.skip('OpenSSL QUIC fails here')
        if proto == 'h3' and env.ci_run and env.curl_uses_lib('quiche'):
            pytest.skip("fails in CI, but works locally for unknown reasons")
        count = 10
@@ -368,8 +364,6 @@ class TestDownload:
    # download, several at a time, abort after n bytes
    @pytest.mark.parametrize("proto", Env.http_protos())
    def test_02_23c_lib_fail_offset(self, env: Env, httpd, nghttpx, proto):
        if proto == 'h3' and env.curl_uses_ossl_quic():
            pytest.skip('OpenSSL QUIC fails here')
        if proto == 'h3' and env.ci_run and env.curl_uses_lib('quiche'):
            pytest.skip("fails in CI, but works locally for unknown reasons")
        count = 10
--- a/tests/http/test_03_goaway.py
+++ b/tests/http/test_03_goaway.py
@@ -75,8 +75,6 @@ class TestGoAway:
    @pytest.mark.skipif(condition=not Env.have_h3(), reason="h3 not supported")
    def test_03_02_h3_goaway(self, env: Env, httpd, nghttpx):
        proto = 'h3'
        if proto == 'h3' and env.curl_uses_ossl_quic():
            pytest.skip('OpenSSL QUIC fails here')
        count = 3
        self.r = None
--- a/tests/http/test_05_errors.py
+++ b/tests/http/test_05_errors.py
@@ -58,8 +58,6 @@ class TestErrors:
    # download files, check that we get CURLE_PARTIAL_FILE for all
    @pytest.mark.parametrize("proto", Env.http_mplx_protos())
    def test_05_02_partial_20(self, env: Env, httpd, nghttpx, proto):
        if proto == 'h3' and env.curl_uses_ossl_quic():
            pytest.skip("openssl-quic is flaky in yielding proper error codes")
        if proto == 'h3' and env.curl_uses_lib('quiche') and \
                not env.curl_lib_version_at_least('quiche', '0.24.8'):
            pytest.skip("quiche issue #2277 not fixed")
--- a/tests/http/test_07_upload.py
+++ b/tests/http/test_07_upload.py
@@ -507,8 +507,6 @@ class TestUpload:
    @pytest.mark.parametrize("proto", Env.http_protos())
    def test_07_43_upload_denied(self, env: Env, httpd, nghttpx, proto):
        if proto == 'h3' and env.curl_uses_ossl_quic():
            pytest.skip("openssl-quic is flaky in filed PUTs")
        fdata = os.path.join(env.gen_dir, 'data-10m')
        count = 1
        max_upload = 128 * 1024
--- a/tests/http/test_14_auth.py
+++ b/tests/http/test_14_auth.py
@@ -65,8 +65,6 @@ class TestAuth:
    def test_14_03_digest_put_auth(self, env: Env, httpd, nghttpx, proto):
        if not env.curl_has_feature('digest'):
            pytest.skip("curl built without digest")
        if proto == 'h3' and env.curl_uses_ossl_quic():
            pytest.skip("openssl-quic is flaky in retrying POST")
        data='0123456789'
        curl = CurlClient(env=env)
        url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
@@ -97,7 +95,7 @@ class TestAuth:
    def test_14_05_basic_large_pw(self, env: Env, httpd, nghttpx, proto):
        if proto == 'h3' and not env.curl_uses_lib('ngtcp2'):
            # See <https://github.com/cloudflare/quiche/issues/1573>
-            pytest.skip("quiche/openssl-quic have problems with large requests")
+            pytest.skip("quiche has problems with large requests")
        # just large enough that nghttp2 will submit
        password = 'x' * (47 * 1024)
        fdata = os.path.join(env.gen_dir, 'data-10m')
--- a/tests/http/testenv/curl.py
+++ b/tests/http/testenv/curl.py
@@ -515,7 +515,7 @@ class ExecResult:
        s = self._stats[idx]
        url = s['url_effective']
-        # connect time is sometimes reported as 0 by openssl-quic (sigh)
+
        self.check_stat_positive_or_0(s, idx, 'time_connect')
        # all stat keys which reporting timings
        all_keys = {