Using nodes openSSL?

[tegefaulkes]

Looking into uSockets I can see that it is using boringSSL. Is it possible it can dynamically use node's openSSL to avoid having multiple SSL libraries within our application? If not is there a plan to support this?

I ask because having multiple SSL libraries in our app increases the security surface area of our app. Ideally we want to minimise this.

[uNetworkingAB]

We use boringssl and have no reason to swap back to relying on nodejs openssl. Shipping boringssl is faster and more reliable as we aren't relying on ABI which more often than not is entirely broken in nodejs

[CMCDragonkai]

If the same app has another addon that also uses boringssl, is there a way to recompile uSockets to dynamically link boringssl?

[uNetworkingAB]

You have the code so feel free to try anything you want, but none of this aligns with the goals of uWS.js, or interests me. Statically linking boringssl and shipping the whole binary is how we've been able to ship reliable compatibility everywhere. Nodejs is a total mess in terms of ABI and doesn't follow it's own ABI rules reliably, esp. not when it comes to ssl. Many many Linux distros entirely disregard ABI rules on favor of linking with their openssl version, entirely breaking binary compatibility in highly deceiving ways. All of that problematics goes away by shipping boringssl statically linked and improves performance by 18%.