feat: use the nss-rs blapi feature

[larseggert]

Once mozilla/nss-rs#52 lands. This is significantly faster than the alternative in #3600, so I would prefer to use this for neqo.

[codecov]

Codecov Report

❌ Patch coverage is 97.56098% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 94.96%. Comparing base (006442d) to head (97724f9).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3601      +/-   ##
==========================================
- Coverage   95.11%   94.96%   -0.16%     
==========================================
  Files         111      116       +5     
  Lines       37999    38361     +362     
  Branches    37999    38361     +362     
==========================================
+ Hits        36144    36430     +286     
- Misses       1159     1225      +66     
- Partials      696      706      +10     

Flag	Coverage Δ
freebsd	78.84% <ø> (-15.45%)	⬇️
linux	95.11% <97.56%> (-0.01%)	⬇️
macos	95.07% <97.56%> (+<0.01%)	⬆️
windows	95.12% <97.56%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
neqo-common	98.61% <ø> (ø)
neqo-http3	93.92% <ø> (ø)
neqo-qpack	95.14% <ø> (ø)
neqo-transport	95.79% <ø> (-0.02%)	⬇️
neqo-udp	84.90% <ø> (ø)
mtu	86.61% <ø> (ø)

[martinthomson]

I'm sad to say that this looks really, really good. About the same sort of performance lift as the aws-lc patch you put together; perhaps even better and more consistent. So I'm going to suggest that we continue to explore this one.

[codspeed-hq]

Merging this PR will improve performance by 4.34%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 1 improved benchmark
✅ 23 untouched benchmarks
⏩ 27 skipped benchmarks¹

Performance Changes

	Mode	Benchmark	BASE	HEAD	Efficiency
⚡	Simulation	coalesce_acked_from_zero 1000+1 entries	2.8 µs	2.7 µs	+4.34%

Tip

Curious why this is faster? Comment @codspeedbot explain why this is faster on this PR, or directly use the CodSpeed MCP with your agent.

---

_{Comparing larseggert:nss_rs-52 (97724f9) with main (7c2a6a3)}

Footnotes

1. 27 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[larseggert]

This needs to be updated to the nss-rs release version that ships the blapi feature.

[Copilot]

Pull request overview

This PR updates neqo to use the newer nss-rs APIs associated with the blapi feature, including an explicit Mode (encrypt/decrypt) when constructing RecordProtection, and wires blapi through crate features (default-enabled) to pick the faster backend.

Changes:

• Update QUIC crypto and Retry packet protection to pass nss::Mode and (for Retry) maintain separate encrypt/decrypt AEAD instances.
• Add blapi as a default-enabled feature in neqo-transport, and propagate it through neqo-qpack / neqo-http3 while disabling dependency default-features.
• Bump the nss-rs git revision and adjust CI clippy feature-matrix constraints accordingly.

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
test-fixture/src/header_protection.rs	Update AEAD construction to new Mode-taking API (but currently hardcodes Encrypt).
neqo-transport/src/packet/retry.rs	Split Retry AEAD storage by encrypt/decrypt mode; update helper to accept Mode.
neqo-transport/src/packet/mod.rs	Pass Mode::{Encrypt,Decrypt} to Retry tag generation/validation.
neqo-transport/src/crypto.rs	Thread Mode into RecordProtection::new via CryptoDxDirection -> Mode mapping; minor test helpers.
neqo-transport/Cargo.toml	Introduce blapi feature and enable it by default.
neqo-qpack/Cargo.toml	Disable neqo-transport default-features; add blapi feature/default passthrough.
neqo-http3/Cargo.toml	Disable neqo-{qpack,transport} default-features; add blapi feature/default passthrough.
neqo-bin/src/client/mod.rs	Box-pin one Runner future to address large-future concerns.
neqo-bin/src/bin/client.rs	Remove Apple-only clippy suppression attribute.
Cargo.toml	Update nss-rs dependency to a specific git revision.
Cargo.lock	Lockfile update for the new nss-rs revision.
.github/workflows/clippy.yml	Exclude mutually-incompatible feature combinations involving blapi.

Comments suppressed due to low confidence (3)

neqo-transport/Cargo.toml:49

• Setting default = ["blapi"] makes blapi enabled implicitly even when consumers enable build-fuzzing-corpus. But build-fuzzing-corpus enables nss/disable-encryption (and CI explicitly treats blapi as mutually exclusive with both disable-encryption and build-fuzzing-corpus). This means commands like cargo test --features build-fuzzing-corpus (see test/make-fuzz-corpus.sh) will now require --no-default-features to avoid a feature conflict. Consider not making blapi a default feature, or update the fuzzing-corpus build invocation/docs to disable default features when enabling build-fuzzing-corpus.

[features]
bench = ["neqo-common/bench", "nss/bench", "test-fixture/bench", "log/release_max_level_info"]
blapi = ["nss/blapi"]
default = ["blapi"]
build-fuzzing-corpus = [
        "neqo-common/build-fuzzing-corpus",
        "nss/disable-encryption",
        "nss/disable-random",
        "test-fixture/disable-random",
]

neqo-qpack/Cargo.toml:41

• With default = ["blapi"], enabling this crate's build-fuzzing-corpus feature will also enable blapi unless the build uses --no-default-features. Given build-fuzzing-corpus pulls in neqo-transport/build-fuzzing-corpus (which enables nss/disable-encryption) and CI marks blapi as mutually exclusive with fuzzing/disable-encryption, this creates an easy-to-hit feature conflict. Consider documenting/adjusting fuzz builds to pass --no-default-features, or avoid making blapi a default feature here.

[features]
bench = ["neqo-common/bench", "neqo-transport/bench", "log/release_max_level_info"]
blapi = ["neqo-transport/blapi"]
default = ["blapi"]
build-fuzzing-corpus = [
        "neqo-common/build-fuzzing-corpus",
        "neqo-transport/build-fuzzing-corpus",
        "test-fixture/disable-random",
]

neqo-http3/Cargo.toml:56

• With default = ["blapi"], enabling build-fuzzing-corpus will also keep blapi enabled unless builds pass --no-default-features. Since build-fuzzing-corpus enables neqo-transport/disable-encryption and nss/disable-encryption (and CI treats blapi as mutually exclusive with these), this risks a feature conflict for fuzz-corpus builds. Consider documenting/adjusting those builds to disable default features, or avoid making blapi a default feature.

[features]
bench = [
        "neqo-common/bench",
        "neqo-qpack/bench",
        "neqo-transport/bench",
        "test-fixture/bench",
        "log/release_max_level_info",
]
blapi = ["neqo-transport/blapi"]
default = ["blapi"]
build-fuzzing-corpus = [
        "neqo-common/build-fuzzing-corpus",
        "neqo-transport/disable-encryption",
        "nss/disable-encryption",
        "nss/disable-random",
        "test-fixture/disable-random",
]

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Benchmark results

Significant performance differences relative to 7c2a6a3.

transfer/1-conn/1-100mb-resp (aka. Download): 💚 Performance has improved by -5.7657%.

       time:   [173.48 ms 173.89 ms 174.31 ms]
       thrpt:  [573.68 MiB/s 575.09 MiB/s 576.45 MiB/s]
change:
       time:   [-6.1095% -5.7657% -5.4294] (p = 0.00 < 0.05)
       thrpt:  [+5.7411% +6.1184% +6.5071]
       Performance has improved.
Found 2 outliers among 100 measurements (2.00%)
2 (2.00%) high mild

transfer/1-conn/1-100mb-req (aka. Upload): 💚 Performance has improved by -5.2350%.

       time:   [178.11 ms 178.45 ms 178.78 ms]
       thrpt:  [559.33 MiB/s 560.39 MiB/s 561.44 MiB/s]
change:
       time:   [-5.4956% -5.2350% -4.9796] (p = 0.00 < 0.05)
       thrpt:  [+5.2405% +5.5242% +5.8151]
       Performance has improved.
Found 5 outliers among 100 measurements (5.00%)
2 (2.00%) low mild
2 (2.00%) high mild
1 (1.00%) high severe

streams/walltime/1-streams/each-1000-bytes: 💚 Performance has improved by -4.0715%.

       time:   [574.07 µs 576.15 µs 578.65 µs]
       change: [-4.9046% -4.0715% -3.3366] (p = 0.00 < 0.05)
       Performance has improved.
Found 14 outliers among 100 measurements (14.00%)
6 (6.00%) high mild
8 (8.00%) high severe

streams/walltime/1000-streams/each-1000-bytes: 💚 Performance has improved by -2.2922%.

       time:   [41.212 ms 41.294 ms 41.393 ms]
       change: [-2.5331% -2.2922% -2.0452] (p = 0.00 < 0.05)
       Performance has improved.
Found 2 outliers among 100 measurements (2.00%)
2 (2.00%) high severe

streams-flow-controlled/walltime/1-streams/each-4194304-bytes: 💚 Performance has improved by -6.1914%.

       time:   [31.292 ms 31.341 ms 31.390 ms]
       change: [-6.6437% -6.1914% -5.8697] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild

streams-flow-controlled/walltime/10-streams/each-1048576-bytes: 💚 Performance has improved by -5.3622%.

       time:   [90.702 ms 92.004 ms 93.330 ms]
       change: [-7.1810% -5.3622% -3.3430] (p = 0.00 < 0.05)
       Performance has improved.

transfer/walltime/pacing-false/varying-seeds: 💚 Performance has improved by -6.1346%.

       time:   [20.984 ms 21.013 ms 21.058 ms]
       change: [-6.2910% -6.1346% -5.9370] (p = 0.00 < 0.05)
       Performance has improved.
Found 3 outliers among 100 measurements (3.00%)
2 (2.00%) high mild
1 (1.00%) high severe

transfer/walltime/pacing-true/varying-seeds: 💚 Performance has improved by -7.4731%.

       time:   [21.083 ms 21.112 ms 21.157 ms]
       change: [-7.6756% -7.4731% -7.2309] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high severe

transfer/walltime/pacing-false/same-seed: 💚 Performance has improved by -6.9260%.

       time:   [20.741 ms 20.764 ms 20.792 ms]
       change: [-7.0513% -6.9260% -6.7991] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high severe

transfer/walltime/pacing-true/same-seed: 💚 Performance has improved by -7.1090%.

       time:   [21.012 ms 21.028 ms 21.045 ms]
       change: [-7.2079% -7.1090% -7.0118] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high severe

All results

transfer/1-conn/1-100mb-resp (aka. Download): 💚 Performance has improved by -5.7657%.

       time:   [173.48 ms 173.89 ms 174.31 ms]
       thrpt:  [573.68 MiB/s 575.09 MiB/s 576.45 MiB/s]
change:
       time:   [-6.1095% -5.7657% -5.4294] (p = 0.00 < 0.05)
       thrpt:  [+5.7411% +6.1184% +6.5071]
       Performance has improved.
Found 2 outliers among 100 measurements (2.00%)
2 (2.00%) high mild

transfer/1-conn/10_000-parallel-1b-resp (aka. RPS): Change within noise threshold.

       time:   [276.46 ms 278.30 ms 280.17 ms]
       thrpt:  [35.692 Kelem/s 35.932 Kelem/s 36.172 Kelem/s]
change:
       time:   [-2.0387% -1.0572% -0.0646] (p = 0.04 < 0.05)
       thrpt:  [+0.0646% +1.0685% +2.0811]
       Change within noise threshold.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild

transfer/1-conn/1-1b-resp (aka. HPS): No change in performance detected.

       time:   [39.421 ms 39.627 ms 39.849 ms]
       thrpt:  [25.095   B/s 25.235   B/s 25.367   B/s]
change:
       time:   [-0.5115% +0.2357% +0.9872] (p = 0.55 > 0.05)
       thrpt:  [-0.9775% -0.2351% +0.5141]
       No change in performance detected.
Found 14 outliers among 100 measurements (14.00%)
4 (4.00%) high mild
10 (10.00%) high severe

transfer/1-conn/1-100mb-req (aka. Upload): 💚 Performance has improved by -5.2350%.

       time:   [178.11 ms 178.45 ms 178.78 ms]
       thrpt:  [559.33 MiB/s 560.39 MiB/s 561.44 MiB/s]
change:
       time:   [-5.4956% -5.2350% -4.9796] (p = 0.00 < 0.05)
       thrpt:  [+5.2405% +5.5242% +5.8151]
       Performance has improved.
Found 5 outliers among 100 measurements (5.00%)
2 (2.00%) low mild
2 (2.00%) high mild
1 (1.00%) high severe

streams/walltime/1-streams/each-1000-bytes: 💚 Performance has improved by -4.0715%.

       time:   [574.07 µs 576.15 µs 578.65 µs]
       change: [-4.9046% -4.0715% -3.3366] (p = 0.00 < 0.05)
       Performance has improved.
Found 14 outliers among 100 measurements (14.00%)
6 (6.00%) high mild
8 (8.00%) high severe

streams/walltime/1000-streams/each-1-bytes: Change within noise threshold.

       time:   [12.217 ms 12.237 ms 12.258 ms]
       change: [-0.6348% -0.4020% -0.1771] (p = 0.00 < 0.05)
       Change within noise threshold.

streams/walltime/1000-streams/each-1000-bytes: 💚 Performance has improved by -2.2922%.

       time:   [41.212 ms 41.294 ms 41.393 ms]
       change: [-2.5331% -2.2922% -2.0452] (p = 0.00 < 0.05)
       Performance has improved.
Found 2 outliers among 100 measurements (2.00%)
2 (2.00%) high severe

streams-flow-controlled/walltime/1-streams/each-4194304-bytes: 💚 Performance has improved by -6.1914%.

       time:   [31.292 ms 31.341 ms 31.390 ms]
       change: [-6.6437% -6.1914% -5.8697] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high mild

streams-flow-controlled/walltime/10-streams/each-1048576-bytes: 💚 Performance has improved by -5.3622%.

       time:   [90.702 ms 92.004 ms 93.330 ms]
       change: [-7.1810% -5.3622% -3.3430] (p = 0.00 < 0.05)
       Performance has improved.

transfer/walltime/pacing-false/varying-seeds: 💚 Performance has improved by -6.1346%.

       time:   [20.984 ms 21.013 ms 21.058 ms]
       change: [-6.2910% -6.1346% -5.9370] (p = 0.00 < 0.05)
       Performance has improved.
Found 3 outliers among 100 measurements (3.00%)
2 (2.00%) high mild
1 (1.00%) high severe

transfer/walltime/pacing-true/varying-seeds: 💚 Performance has improved by -7.4731%.

       time:   [21.083 ms 21.112 ms 21.157 ms]
       change: [-7.6756% -7.4731% -7.2309] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high severe

transfer/walltime/pacing-false/same-seed: 💚 Performance has improved by -6.9260%.

       time:   [20.741 ms 20.764 ms 20.792 ms]
       change: [-7.0513% -6.9260% -6.7991] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high severe

transfer/walltime/pacing-true/same-seed: 💚 Performance has improved by -7.1090%.

       time:   [21.012 ms 21.028 ms 21.045 ms]
       change: [-7.2079% -7.1090% -7.0118] (p = 0.00 < 0.05)
       Performance has improved.
Found 1 outliers among 100 measurements (1.00%)
1 (1.00%) high severe

Download data for profiler.firefox.com or download performance comparison data.

[github-actions]

Failed Interop Tests

QUIC Interop Runner, client vs. server, differences relative to main at 7c2a6a3.

neqo-pr as client

neqo-pr as server

neqo-pr vs. go-x-net: BP BA neqo-pr vs. haproxy: BP BA neqo-pr vs. kwik: ⚠️L1 BP BA neqo-pr vs. linuxquic: ⚠️L1 neqo-pr vs. lsquic: L1 C1 neqo-pr vs. msquic: A L1 C1 neqo-pr vs. mvfst: A BP BA neqo-pr vs. neqo: A neqo-pr vs. nginx: BP BA neqo-pr vs. ngtcp2: CM neqo-pr vs. picoquic: A neqo-pr vs. quic-go: A neqo-pr vs. quiche: BP BA neqo-pr vs. s2n-quic: 🚀BP CM neqo-pr vs. tquic: S BP BA neqo-pr vs. xquic: A 🚀L1 C1

aioquic vs. neqo-pr: 🚀C1 CM go-x-net vs. neqo-pr: CM kwik vs. neqo-pr: BP BA CM msquic vs. neqo-pr: CM mvfst vs. neqo-pr: Z A L1 C1 CM neqo vs. neqo-pr: A openssl vs. neqo-pr: LR M A CM quic-go vs. neqo-pr: CM quic-zig vs. neqo-pr: ⚠️L2 quiche vs. neqo-pr: CM quinn vs. neqo-pr: 🚀L1 ⚠️C1 V2 CM s2n-quic vs. neqo-pr: CM tquic vs. neqo-pr: CM xquic vs. neqo-pr: M CM

All results

Succeeded Interop Tests

QUIC Interop Runner, client vs. server

neqo-pr as client

• neqo-pr vs. aioquic: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2 BP BA
• neqo-pr vs. go-x-net: H DC LR M B U A L2 C2 6
• neqo-pr vs. haproxy: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• neqo-pr vs. kwik: H DC LR C20 M S R Z 3 B U A ⚠️L1 L2 C1 C2 6 V2
• neqo-pr vs. linuxquic: H DC LR C20 M S R Z 3 B U E A ⚠️L1 L2 C1 C2 6 V2 BP BA CM
• neqo-pr vs. lsquic: H DC LR C20 M S R Z 3 B U E A L2 C2 6 V2 BP BA CM
• neqo-pr vs. msquic: H DC LR C20 M S R Z B U L2 C2 6 V2 BP BA
• neqo-pr vs. mvfst: H DC LR M R Z 3 B U L1 L2 C1 C2 6
• neqo-pr vs. neqo: H DC LR C20 M S R Z 3 B U E L1 L2 C1 C2 6 V2 BP BA CM
• neqo-pr vs. nginx: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-pr vs. ngtcp2: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA
• neqo-pr vs. picoquic: H DC LR C20 M S R Z 3 B U E L1 L2 C1 C2 6 V2 BP BA CM
• neqo-pr vs. quic-go: H DC LR C20 M S R Z 3 B U L1 L2 C1 C2 6 BP BA
• neqo-pr vs. quic-zig: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
• neqo-pr vs. quiche: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6
• neqo-pr vs. quinn: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 BP BA
• neqo-pr vs. s2n-quic: H DC LR C20 M S R 3 B U E A L1 L2 C1 C2 6 🚀BP BA
• neqo-pr vs. tquic: H DC LR C20 M R Z 3 B U A L1 L2 C1 C2 6
• neqo-pr vs. xquic: H DC LR C20 M S R Z 3 B U 🚀L1 L2 🚀C1 C2 6 BP BA

neqo-pr as server

• aioquic vs. neqo-pr: H DC LR C20 M S R Z 3 B U A L1 L2 🚀C1 C2 6 V2 BP BA
• chrome vs. neqo-pr: 3
• go-x-net vs. neqo-pr: H DC LR M B U A L2 C2 6 BP BA
• kwik vs. neqo-pr: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 V2
• linuxquic vs. neqo-pr: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
• lsquic vs. neqo-pr: H DC LR C20 M S R Z 3 B E A L1 L2 C1 C2 6 V2 BP BA CM
• msquic vs. neqo-pr: H DC LR C20 M S R Z B U A L1 L2 C1 C2 6 V2 BP BA
• mvfst vs. neqo-pr: H DC LR M 3 B L2 C2 6 BP BA
• neqo vs. neqo-pr: H DC LR C20 M S R Z 3 B U E L1 L2 C1 C2 6 V2 BP BA CM
• ngtcp2 vs. neqo-pr: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
• openssl vs. neqo-pr: H DC C20 S R 3 B L2 C2 6 BP BA
• picoquic vs. neqo-pr: H DC LR C20 M S R Z 3 B U E A L1 L2 C1 C2 6 V2 BP BA CM
• quic-go vs. neqo-pr: H DC LR C20 M S R Z 3 B U A L1 L2 C1 C2 6 BP BA
• quic-zig vs. neqo-pr: H DC LR C20 M S R Z 3 B U E A L1 ⚠️L2 C1 C2 6 V2 BP BA CM
• quiche vs. neqo-pr: H DC LR M S R Z 3 B A L1 L2 C1 C2 6 BP BA
• quinn vs. neqo-pr: H DC LR C20 M S R Z 3 B U E A 🚀L1 L2 ⚠️C1 C2 6 BP BA
• s2n-quic vs. neqo-pr: H DC LR M S R 3 B E A L1 L2 C1 C2 6 BP BA
• tquic vs. neqo-pr: H DC LR M S R Z 3 B A L1 L2 C1 C2 6 BP BA
• xquic vs. neqo-pr: H DC LR C20 S R Z 3 B U A L1 L2 C1 C2 6 BP BA

Unsupported Interop Tests

QUIC Interop Runner, client vs. server

neqo-pr as client

• neqo-pr vs. aioquic: E CM
• neqo-pr vs. go-x-net: C20 S R Z 3 E L1 C1 V2 CM
• neqo-pr vs. haproxy: E CM
• neqo-pr vs. kwik: E CM
• neqo-pr vs. msquic: 3 E CM
• neqo-pr vs. mvfst: C20 S E V2 CM
• neqo-pr vs. nginx: E V2 CM
• neqo-pr vs. quic-go: E V2 CM
• neqo-pr vs. quiche: E V2 CM
• neqo-pr vs. quinn: V2 CM
• neqo-pr vs. s2n-quic: Z V2
• neqo-pr vs. tquic: E V2 CM
• neqo-pr vs. xquic: E V2 CM

neqo-pr as server

• aioquic vs. neqo-pr: E
• chrome vs. neqo-pr: H DC LR C20 M S R Z B U E A L1 L2 C1 C2 6 V2 BP BA CM
• go-x-net vs. neqo-pr: C20 S R Z 3 E L1 C1 V2
• kwik vs. neqo-pr: E
• lsquic vs. neqo-pr: U
• msquic vs. neqo-pr: 3 E
• mvfst vs. neqo-pr: C20 S R U E V2
• openssl vs. neqo-pr: Z U E L1 C1 V2
• quic-go vs. neqo-pr: E V2
• quiche vs. neqo-pr: C20 U E V2
• s2n-quic vs. neqo-pr: C20 Z U V2
• tquic vs. neqo-pr: C20 U E V2
• xquic vs. neqo-pr: E V2

[github-actions]

Client/server transfer results

Performance differences relative to 7c2a6a3.

Transfer of 33554432 bytes over loopback, min. 100 runs. All unit-less numbers are in milliseconds.

Client vs. server (params)	Mean ± σ	Min	Max	MiB/s ± σ	Δ baseline	Δ baseline
neqo-msquic-cubic	145.3 ± 2.0	140.7	157.0	220.3 ± 16.0	💚 -0.6	-0.4%
neqo-neqo-cubic	84.1 ± 2.3	80.5	90.0	380.6 ± 13.9	💚 -2.4	-2.8%
neqo-neqo-cubic-nopacing	84.6 ± 2.5	80.0	90.9	378.4 ± 12.8	💚 -1.9	-2.2%
neqo-neqo-newreno	84.1 ± 2.8	78.4	94.6	380.7 ± 11.4	💚 -2.6	-3.0%
neqo-neqo-newreno-nopacing	84.1 ± 2.8	78.9	91.1	380.4 ± 11.4	💚 -2.6	-3.0%
quiche-neqo-cubic	180.1 ± 3.9	172.6	190.7	177.7 ± 8.2	💔 2.0	1.1%

Table above only shows statistically significant changes. See all results below.

All results

Transfer of 33554432 bytes over loopback, min. 100 runs. All unit-less numbers are in milliseconds.

Client vs. server (params)	Mean ± σ	Min	Max	MiB/s ± σ	Δ baseline	Δ baseline
google-google-nopacing	457.5 ± 1.6	453.3	463.3	69.9 ± 20.0
google-neqo-cubic	266.0 ± 2.7	260.9	279.8	120.3 ± 11.9	0.2	0.1%
msquic-msquic-nopacing	135.5 ± 42.3	111.5	382.3	236.1 ± 0.8
msquic-neqo-cubic	155.0 ± 42.8	122.1	375.9	206.5 ± 0.7	1.2	0.8%
neqo-google-cubic	769.3 ± 3.0	764.6	784.6	41.6 ± 10.7	0.6	0.1%
neqo-msquic-cubic	145.3 ± 2.0	140.7	157.0	220.3 ± 16.0	💚 -0.6	-0.4%
neqo-neqo-cubic	84.1 ± 2.3	80.5	90.0	380.6 ± 13.9	💚 -2.4	-2.8%
neqo-neqo-cubic-nopacing	84.6 ± 2.5	80.0	90.9	378.4 ± 12.8	💚 -1.9	-2.2%
neqo-neqo-newreno	84.1 ± 2.8	78.4	94.6	380.7 ± 11.4	💚 -2.6	-3.0%
neqo-neqo-newreno-nopacing	84.1 ± 2.8	78.9	91.1	380.4 ± 11.4	💚 -2.6	-3.0%
neqo-quiche-cubic	188.7 ± 2.3	184.1	194.2	169.6 ± 13.9	-0.7	-0.4%
neqo-s2n-cubic	214.5 ± 1.9	208.8	219.3	149.2 ± 16.8	0.0	0.0%
quiche-neqo-cubic	180.1 ± 3.9	172.6	190.7	177.7 ± 8.2	💔 2.0	1.1%
quiche-quiche-nopacing	140.1 ± 2.9	133.9	150.7	228.5 ± 11.0
s2n-neqo-cubic	218.6 ± 3.6	209.1	227.5	146.4 ± 8.9	0.5	0.2%
s2n-s2n-nopacing	291.4 ± 23.2	279.5	409.3	109.8 ± 1.4

Download data for profiler.firefox.com or download performance comparison data.

[martinthomson]

This is really two changes:

1. Tracking the API changes in the NSS crate
2. Switching to blapi

It might have been nicer to do them as two steps, but this is fine.

[martinthomson]

Suggested change

	direction.into(),
	Mode::from(direction),

Just a preference.

[martinthomson]

Suggested change

	self.direction.into(),
	Mode::from(self.direction),

[martinthomson]

Why not have this take a Read/Write arg? Or at least call it test_default_write()?

[martinthomson]

Any way we can get the disable-encryption variant of this to be const? This is awkward.

[martinthomson]

When do you think we can get rid of draft-29? It's been a little while now.