Every QUIC connection begins with the same handshake, and in the Rust ecosystem that handshake almost always begins with the same dependency: a C or assembly cryptographic backend. quinn reaches for ring or aws-lc-rs; so does nearly everything else that speaks QUIC. Today, that whole crypto floor becomes Pure Rust.
Today we’re releasing OxiQUIC 0.2.0 — the COOLJAPAN Pure Rust QUIC transport and HTTP/3 stack for the oxi* ecosystem.
No ring. No aws-lc-rs. No FFI. No -sys crates. Under default features OxiQUIC is 100% Rust: a single static binary that opens QUIC connections, multiplexes streams, and serves HTTP/3 — with no system libraries and no build-time C toolchain in the way. Run cargo tree --edges normal and you will find zero C crypto crates.
Why OxiQUIC
QUIC was supposed to be the modern, encrypted-by-default transport — TLS 1.3 folded directly into the connection, head-of-line blocking gone, 0-RTT resumption built in. And it delivers all of that. But in Rust, picking up QUIC has meant picking up a native cryptographic library underneath it. quinn-proto gates its rustls QUIC bridge behind ring or aws-lc-rs, and derives the Initial keys through C crypto. That is exactly the kind of native dependency the COOLJAPAN Pure Rust policy forbids: it drags a C/assembly toolchain into every target you care about, including the WASM and cross-compilation targets where a C compiler is precisely what you were trying to avoid.
None of that is essential to QUIC. The packet protection is AEAD. The header protection is a block cipher. The Initial keys come from HKDF over a published salt. Loss detection, congestion control, and flow control are documented algorithms in RFC 9002, RFC 9438, and RFC 9000. OxiQUIC implements each of these directly, in memory-safe Rust, so the transport layer stops being the reason your build needs a C crypto backend.
So OxiQUIC builds its own RFC 9000/9001/9002 stack on top of the rustls::quic TLS 1.3 API, driven by an in-house Pure Rust crypto provider over tokio UDP. Neither quinn nor quinn-proto is in the tree. The handshake, the keys, the streams, the congestion control — all of it is ours, and all of it is Rust.
What we built
OxiQUIC is a workspace of focused crates, each owning one slice of the problem. The oxiquic facade crate re-exports the ecosystem behind feature flags, so most code only ever needs the one dependency.
- `oxiquic-core` — the vocabulary. The RFC 9000 type system the whole stack speaks: `StreamId`, `ConnectionId`, `FrameType`, `TransportParams`, `OxiQuicError`, and `ConnectionStats`.
- `oxiquic-crypto` — the Pure Rust crypto floor. A QUIC crypto provider for rustls that implements AEAD, header protection, and Initial key derivation entirely in Rust on the RustCrypto ecosystem — AES-GCM, ChaCha20-Poly1305, and HKDF-SHA256/384. This is the crate that replaces `ring` and `aws-lc-rs`. It is built on the COOLJAPAN `oxicrypto` primitives, and `oxitls` plugs in behind an optional provider feature, keeping the entire crypto path Pure Rust.
- `oxiquic-transport` — the in-house QUIC stack. `ClientEndpoint`, `ServerEndpoint`, `QuicConnection`, the stream handles, and the machinery underneath them: RFC 9002 loss detection and recovery (PTO + ACK-based), Cubic (RFC 9438) and BBR v2 congestion control, and connection plus stream flow control (MAX_DATA, MAX_STREAM_DATA, STREAMS_BLOCKED).
- `oxiquic-h3` — HTTP/3. A full client and server (`H3Client`, `H3Server`, `H3ClientBuilder`, `H3ServerBuilder`, `H3RequestContext`) wired over the `h3` crate on top of in-house QUIC stream handles, with streaming request/response bodies over DATA frames and GOAWAY graceful shutdown.
- `oxiquic` — the facade. Unified re-exports gated by the `transport`, `h3`, and `dangerous` feature flags, plus the convenience entry points (`oxiquic::connect`, `connect_with_alpn`, `listen_with_alpn`) and the `oxiquic::alpn` constants.
The handshake stack is complete: 1-RTT TLS 1.3, 0-RTT early data, stateless retry (HMAC-SHA256 token generation and validation per RFC 9000 §8.1), version negotiation, key update (RFC 9001 §6, with per-epoch derivation and a cooldown), connection migration via PATH_CHALLENGE/PATH_RESPONSE, DPLPMTUD MTU discovery (RFC 8899), idle timeout, and keep-alive PING. The streams are type-safe: BiStream, UniSendStream (which is AsyncWrite), and UniRecvStream (which is AsyncRead), each with independent flow control. And the whole workspace ships with 342 tests, zero clippy warnings, and zero unwrap()/panic! in production code across roughly 24,000 SLOC.
Getting Started
Add the facade crate:
```toml
[dependencies]
oxiquic = "0.2"
```
Open a QUIC connection and a bidirectional stream:
```rust
use oxiquic::prelude::*;
use std::net::SocketAddr;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let addr: SocketAddr = "93.184.216.34:443".parse()?;
    let conn = oxiquic::connect(addr, "example.com").await?;

    // open a bidirectional stream
    let (stream_id, mut send, mut recv) = conn.open_bidi().await?;
    // ... write/read via AsyncWrite / AsyncRead
    Ok(())
}
```
Make an HTTP/3 request (enable features = ["h3"]):
```rust
use oxiquic::h3_prelude::*;
use std::net::SocketAddr;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let addr: SocketAddr = "93.184.216.34:443".parse()?;
    let mut client = H3ClientBuilder::new()
        .with_server_name("example.com")
        .connect(addr)
        .await?;

    let response = client.get("https://example.com/").await?;
    println!("{}", response.status());
    Ok(())
}
```
Highlights
- No C crypto, anywhere — AEAD, header protection, and Initial key derivation are Pure Rust (AES-GCM, ChaCha20-Poly1305, HKDF-SHA256/384), so there is no `ring`, `aws-lc-rs`, or OpenSSL in the dependency tree.
- In-house RFC 9000/9001/9002 stack — built on the `rustls::quic` TLS 1.3 API and `tokio` UDP, not on `quinn` or `quinn-proto`.
- Full handshake feature set — 1-RTT, 0-RTT early data, stateless retry, version negotiation, key update, connection migration, MTU discovery, idle timeout, and keep-alive.
- Two congestion controllers — Cubic (RFC 9438) and BBR v2 with bandwidth estimation, pacing, ProbeRTT, and ProbeBW, selectable through `TransportConfig`.
- Type-safe streams — `BiStream`, `UniSendStream` (`AsyncWrite`), and `UniRecvStream` (`AsyncRead`), each with independent flow control.
- HTTP/3 client and server — `H3ClientBuilder` and `H3ServerBuilder` over in-house QUIC streams, with streaming bodies and graceful GOAWAY shutdown.
- First-class ALPN — `connect_with_alpn()` / `listen_with_alpn()` facade helpers, `ServerEndpointBuilder::with_alpn_protocols()`, and well-known constants in `oxiquic::alpn`.
Tips
- `transport` is on by default; opt into `h3` when you need HTTP/3. The facade ships `transport` (QUIC `ClientEndpoint`, `ServerEndpoint`, `QuicConnection`, `TransportConfig`) by default, while `features = ["h3"]` adds the HTTP/3 client and server on top.
- Tune the connection through `TransportConfig::builder()`. Set `idle_timeout`, `keep_alive_interval`, `max_concurrent_bidi_streams`, and `max_concurrent_uni_streams`, then pick a controller with `.with_congestion_controller(CongestionAlgorithm::Bbr)` for high-bandwidth-delay paths or leave it on Cubic.
- Use the ALPN facade helpers instead of hand-rolling negotiation. `connect_with_alpn()` and `listen_with_alpn()`, paired with the constants in `oxiquic::alpn`, wire ALPN through to the HTTP/3 layer for you.
- `dangerous` is for dev only. Enabling `features = ["dangerous"]` unlocks `connect_insecure()`, which skips certificate verification — keep it out of anything that ships.
- Trust but verify the dependency floor. Run `bash scripts/ffi-audit.sh`; it must print `FFI audit PASSED`, and the workspace `deny.toml` bans `ring`, `aws-lc-rs`, `aws-lc-sys`, `openssl`, and `openssl-sys` tree-wide.
- Read connection statistics straight off the connection. `ConnectionStats` exposes RTT, bytes/packets sent/received/lost, and the congestion window — useful for confirming which controller is doing what under load.
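An independent spot-check of the dependency floor, as an added example in Python (not the project's `scripts/ffi-audit.sh`, whose contents are not shown here). It scans the text output of `cargo tree --edges normal` for the crates the tips list as banned and, as an extra assumption of this example, flags any other crate whose name ends in `-sys`. The sample trees and their version numbers are constructed placeholders.

```python
import re

# Ban list as the page describes the workspace deny.toml.
BANNED = {"ring", "aws-lc-rs", "aws-lc-sys", "openssl", "openssl-sys"}
# One crate per line: tree-drawing prefix, then "name vVERSION".
_CRATE = re.compile(r"^[^A-Za-z0-9_]*([A-Za-z0-9_-]+) v(\S+)")


def audit_cargo_tree(text):
    """Return sorted (crate, version, reason) findings for `cargo tree` text."""
    findings = set()  # a set collapses entries repeated with a "(*)" marker
    for line in text.splitlines():
        match = _CRATE.match(line)
        if not match:
            continue  # blank lines and "[build-dependencies]" style headers
        name, version = match.groups()
        if name in BANNED:
            findings.add((name, version, "banned"))
        elif name.endswith("-sys"):
            findings.add((name, version, "sys-crate"))
    return sorted(findings)


# Constructed samples; crate versions are placeholders, not real output.
CLEAN_TREE = """\
oxiquic v0.2.0 (/path/to/oxiquic)
├── oxiquic-crypto v0.2.0
│   └── rustls v0.0.0
└── tokio v0.0.0
"""
DIRTY_TREE = """\
app v0.1.0 (/path/to/app)
├── quinn-proto v0.0.0
│   └── ring v0.0.0
├── ring v0.0.0 (*)
└── libz-sys v0.0.0
"""

if __name__ == "__main__":
    for label, tree in (("clean", CLEAN_TREE), ("dirty", DIRTY_TREE)):
        findings = audit_cargo_tree(tree)
        print(label, "PASS" if not findings else findings)
```

In CI, feed it the real command output and fail the job when the returned list is not empty.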
Part of the COOLJAPAN ecosystem
OxiQUIC belongs to NoFFI — the COOLJAPAN initiative to replace every C/C++/Fortran/-sys FFI dependency in the Rust ecosystem with a clean, memory-safe, 100% Pure Rust implementation. Here, that means retiring ring and aws-lc-rs — the C and assembly crypto backends that quinn and the rest of the Rust QUIC world lean on — and deriving every QUIC key in Rust instead.
It is wired into the rest of the family. The crypto provider stands on the COOLJAPAN oxicrypto primitives, and the optional TLS provider plugs into oxitls, so the full handshake path stays Pure Rust from the AEAD up to the certificate chain. OxiQUIC is the transport the sovereign stack reaches for when it needs encrypted, multiplexed connections without a C compiler underneath.
Repository: https://github.com/cool-japan/oxiquic
Star the repo if you want a QUIC stack that handshakes, multiplexes, and serves HTTP/3 without ever asking for a C crypto backend. ⭐
Pure Rust transport — sovereign, safe, and FFI-free.
— KitaSan at COOLJAPAN OÜ June 22, 2026