It's probably lesser known that OpenSSL, in its recent 3.5.0 beta version, has added full support (client and server side) for TLS over QUIC.
RFC 9001 runs the TLS messages, including the handshake and everything else, on top of the QUIC transport layer. This is somewhat exciting, as it means that, if you already have an OpenSSL infrastructure, you can get QUIC support into your app with relatively little effort. So I went ahead and added QUIC support to crash. Roaming/mobility is not yet supported by OpenSSL's QUIC implementation, so it is not supported in crash either. For roaming and suspend/resume you still use DTLS. But SOCKSing your connections through the GfW with QUIC is working.
As a funny side note: since QUIC support within OpenSSL is pretty new, it would not have been possible to use AI coding agents to add support for it, as they could not have learnt about it yet. This kind of model rot has implications for malware development and forensics, which I am not yet digging into here.
What are the benefits and drawbacks of using QUIC in general, and where is the fun ahead?
QUIC itself was effectively designed for HTTP/3, as a replacement for HTTP/1 and HTTP/2 over TCP. It runs on top of UDP and has its own ordering, reliability and security layer, unlike DTLS, which does not offer reliability beyond the handshake.
One of the drawbacks for me is that it requires a minimum MSS of 1200, which means that QUIC is not a tunneling-friendly protocol: it takes a lot more effort to tunnel it across links with a smaller MTU, e.g. DNS or reduced NTP (Tier 1 networks sometimes limit NTP packet sizes). But of course you can tunnel other protocols across QUIC.
So, what's good about QUIC? It adds new attack surfaces from many sides: implementation-wise, with many new software stacks that could potentially contain bugs, as well as from the protocol side, since it's not using TCP and is therefore easier to spoof and to confuse monitoring systems and firewalls with. This brings me to the point that QUIC is an exfiltration-friendly protocol. As there basically is no notion of [IP:port] endpoint pairs, but IPs and ports can float, it is much harder, if not impossible, to detect or suppress the upload/download of large amounts of data between networks. As there is no network-level connection as with TCP, there is no connection that could be reset, and blocking only works for that particular [IP:port] pair, which is a moving target. What's more, as QUIC does not require OS/kernel support, malware could carry free-standing implementations and run them on the most ancient systems, as long as they just speak UDP.
I will not dig further into the pros and cons of QUIC and TLS-over-QUIC, since the nifty details should be reserved for paying customers. :)
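The two points above, the 1200-byte minimum datagram size and the floating [IP:port] pairs, are exactly what a monitoring point can still hold on to: every QUIC long-header packet carries a destination connection ID in a version-invariant layout (RFC 8999), so datagrams can be grouped by connection ID rather than by endpoint pair. The following is an added example written for this post, not code from crash or OpenSSL. It parses the invariant long-header fields from raw UDP payloads, groups them by destination connection ID, and reports a connection ID that shows up from more than one source endpoint (the "moving target") as well as an Initial datagram shorter than the 1200-byte minimum. The datagrams, addresses and connection IDs are constructed inline; the `build_long_header_packet` helper is a hypothetical sample builder that only fills the invariant header and pads the rest.

```python
import struct
from collections import defaultdict

QUIC_V1 = 0x00000001
MIN_INITIAL_DATAGRAM = 1200   # RFC 9000: client Initial datagrams are padded to >= 1200 bytes
PTYPE_INITIAL = 0             # long packet type 0 = Initial in QUIC v1


def parse_long_header(payload):
    """Parse the version-invariant part of a QUIC long header (RFC 8999).

    Returns a dict with version, type, dcid and scid, or None when the
    payload is not a well-formed long-header packet (short-header packets
    carry only an implicit-length DCID and are out of scope here).
    """
    if len(payload) < 7:
        return None
    first = payload[0]
    if not first & 0x80:          # header form bit clear: short header
        return None
    if not first & 0x40:          # fixed bit must be set in v1
        return None
    version = struct.unpack('!I', payload[1:5])[0]
    pos = 5
    dcid_len = payload[pos]; pos += 1
    if pos + dcid_len > len(payload):
        return None
    dcid = payload[pos:pos + dcid_len]; pos += dcid_len
    if pos >= len(payload):
        return None
    scid_len = payload[pos]; pos += 1
    if pos + scid_len > len(payload):
        return None
    scid = payload[pos:pos + scid_len]
    ptype = (first & 0x30) >> 4   # only meaningful for v1; other versions may differ
    return {'version': version, 'type': ptype, 'dcid': dcid, 'scid': scid}


def build_long_header_packet(ptype, dcid, scid, total_len, version=QUIC_V1):
    """Hypothetical sample builder: invariant long header followed by zero padding.

    A real Initial carries token length, length, packet number and an
    encrypted payload after the SCID; for header parsing that does not matter.
    """
    hdr = bytes([0xC0 | (ptype << 4)]) + struct.pack('!I', version)
    hdr += bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
    return hdr.ljust(total_len, b'\x00')


def track_flows(datagrams):
    """Group UDP datagrams by QUIC destination connection ID.

    datagrams: iterable of (src_ip, src_port, dst_ip, dst_port, payload).
    Returns (flows, findings): flows maps dcid hex -> set of source endpoints;
    findings lists ('short_initial', ...) and ('migrated', ...) tuples.
    """
    flows = defaultdict(set)
    findings = []
    for src_ip, src_port, dst_ip, dst_port, payload in datagrams:
        hdr = parse_long_header(payload)
        if hdr is None:
            continue                      # not QUIC long header (e.g. DNS); ignore
        key = hdr['dcid'].hex()
        flows[key].add((src_ip, src_port))
        # A v1 Initial in a datagram below 1200 bytes violates RFC 9000 and is
        # worth flagging: servers must drop it, so it is either broken or odd.
        if (hdr['version'] == QUIC_V1 and hdr['type'] == PTYPE_INITIAL
                and len(payload) < MIN_INITIAL_DATAGRAM):
            findings.append(('short_initial', key, src_ip, src_port, len(payload)))
    for key, endpoints in flows.items():
        if len(endpoints) > 1:            # same connection, different [IP:port]
            findings.append(('migrated', key, sorted(endpoints)))
    return dict(flows), findings


# Constructed sample traffic: one client whose source port changes mid-connection,
# one undersized Initial, and one plain DNS query that must be ignored.
SAMPLE_DATAGRAMS = [
    ('10.0.0.5', 40000, '203.0.113.7', 443,
     build_long_header_packet(PTYPE_INITIAL, b'\x11' * 8, b'\xaa' * 8, 1200)),
    ('10.0.0.5', 40001, '203.0.113.7', 443,
     build_long_header_packet(PTYPE_INITIAL, b'\x11' * 8, b'\xaa' * 8, 1200)),
    ('10.0.0.9', 50000, '203.0.113.7', 443,
     build_long_header_packet(PTYPE_INITIAL, b'\x22' * 8, b'\xbb' * 8, 300)),
    ('10.0.0.9', 50001, '192.0.2.53', 53,
     b'\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00'),   # DNS header, not QUIC
]

if __name__ == '__main__':
    flows, findings = track_flows(SAMPLE_DATAGRAMS)
    for dcid, endpoints in flows.items():
        print(dcid, sorted(endpoints))
    for f in findings:
        print(f)
```

Only long-header packets are keyed here; once the handshake is done the short header carries the DCID without a length byte, so a real monitor has to remember the CID lengths it learned from the Initial and Handshake packets of each connection, and a peer can rotate to a fresh CID at will. That is precisely why blocking by [IP:port] keeps chasing the target while CID-based tracking at least sees the connection as one thing.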