# Security

Audited against 200+ issues from the aioquic and quiche trackers. No `unsafe` in protocol code; the only `unsafe` is at the FFI boundary (nhttp3-ffi).
## Mitigations Applied
| Attack | Mitigation | Source |
|---|---|---|
| ACK range DoS | At most 256 ACK ranges accepted per frame | aioquic #549 |
| CRYPTO buffer OOM | 128 KB cap on buffered CRYPTO frame data per connection | aioquic #501 |
| Undersized Initial | Discard Initial packets carried in UDP datagrams smaller than 1200 bytes | RFC 9000 §14.1 |
| Oversized frames | 16 MB cap on frame payload length | Internal audit |
| Predictable CIDs | Connection IDs built from random entropy mixed with an atomic counter | Internal audit |
| Mutex poisoning | I/O loop handles a poisoned mutex via `lock().ok()` instead of panicking on `unwrap()` | Internal audit |
| Stateless reset oracle | Constant-time comparison of stateless reset tokens | aioquic #555 |
| Idle timeout mismatch | Effective timeout is min(local, remote) per RFC 9000 §10.1; a value of 0 disables that side's limit rather than entering the min | aioquic #466 |
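The idle-timeout row deserves a worked check, because a literal `min(local, remote)` is wrong in exactly the case RFC 9000 §10.1 calls out: a `max_idle_timeout` of 0 (or an omitted parameter) means "disabled" on that side, so the naive minimum would turn one peer's "never" into "close immediately". The function below is an added example, not nhttp3 code. It applies the §10.1 rules (0 is disabled on that side; both disabled means no idle close; the period MUST be at least three times the current PTO). The function name, the millisecond inputs and the sample values are this example's own.

```rust
use std::time::Duration;

/// Effective idle timeout per RFC 9000 §10.1 (example code, not nhttp3's own).
///
/// `local_ms` / `remote_ms` are the raw max_idle_timeout transport-parameter
/// values in milliseconds; 0 stands for "omitted or disabled" on that side.
/// `pto` is the current probe timeout, used for the 3*PTO floor.
pub fn effective_idle_timeout(local_ms: u64, remote_ms: u64, pto: Duration) -> Option<Duration> {
    let negotiated_ms = match (local_ms, remote_ms) {
        // Both sides disabled: the connection is never idle-closed.
        (0, 0) => return None,
        // Only one side advertised a limit: that value applies unchanged.
        (0, r) => r,
        (l, 0) => l,
        // Both advertised: the smaller one wins.
        (l, r) => l.min(r),
    };
    let negotiated = Duration::from_millis(negotiated_ms);
    // §10.1: endpoints MUST raise the period to at least 3*PTO so that a
    // single lost ack-eliciting packet cannot by itself trigger an idle close.
    Some(negotiated.max(pto.saturating_mul(3)))
}

fn main() {
    // Constructed inputs: a 30 s local limit against a peer that disabled idle timeout.
    let pto = Duration::from_millis(100);
    println!("{:?}", effective_idle_timeout(30_000, 0, pto)); // Some(30s); naive min() would give 0
    println!("{:?}", effective_idle_timeout(0, 0, pto)); // None
    println!("{:?}", effective_idle_timeout(30_000, 10_000, pto)); // Some(10s)
}
```

The 3*PTO floor matters in practice: on a high-RTT path a peer that advertises a very small timeout would otherwise cause a close after one lost probe, which is a cheap way for a hostile peer to churn connections.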
## Design Principles
- Zero unsafe in protocol code — `unsafe` appears only at the FFI boundary (nhttp3-ffi).
- Bounds-checked parsing — All packet/frame parsers check remaining() before reading.
- No hand-rolled crypto — TLS delegated entirely to rustls. No custom crypto implementations.
- Input validation at boundaries — Public APIs validate. Internal code trusts invariants.
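As an added example (not code from nhttp3), here is a bounded ACK-frame parser in the style the bounds-checked parsing principle and the ACK-range row of the table describe: every read goes through a cursor that checks `remaining()` before indexing, and the ACK Range Count is checked against the cap before a single range is decoded or any buffer is allocated. The wire layout follows RFC 9000 §16 (variable-length integers) and §19.3 (ACK frame); the names `Cursor`, `ParseError`, `AckFrame` and `MAX_ACK_RANGES`, and the sample frames in `main`, are this example's own.

```rust
/// Cap on ACK Range Count accepted per frame (this example's own constant).
pub const MAX_ACK_RANGES: u64 = 256;

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    Truncated,             // a field runs past the end of the buffer
    TooManyAckRanges(u64), // advertised count exceeded MAX_ACK_RANGES
    InvalidRange,          // a gap/length would push a packet number below zero
    UnknownFrameType(u8),
}

/// Minimal read cursor: every accessor checks remaining() before indexing.
pub struct Cursor<'a> { buf: &'a [u8], pos: usize }

impl<'a> Cursor<'a> {
    pub fn new(buf: &'a [u8]) -> Self { Cursor { buf, pos: 0 } }
    pub fn remaining(&self) -> usize { self.buf.len() - self.pos }

    pub fn get_u8(&mut self) -> Result<u8, ParseError> {
        if self.remaining() < 1 { return Err(ParseError::Truncated); }
        let b = self.buf[self.pos];
        self.pos += 1;
        Ok(b)
    }

    /// RFC 9000 §16 varint: the top two bits of the first byte give the length
    /// (1, 2, 4 or 8 bytes); the remaining bits are the big-endian value.
    pub fn get_varint(&mut self) -> Result<u64, ParseError> {
        let first = self.get_u8()?;
        let len = 1usize << (first >> 6);
        if self.remaining() < len - 1 { return Err(ParseError::Truncated); }
        let mut value = u64::from(first & 0x3f);
        for _ in 1..len { value = (value << 8) | u64::from(self.get_u8()?); }
        Ok(value)
    }
}

#[derive(Debug, PartialEq, Eq)]
pub struct AckFrame {
    pub largest_acked: u64,
    pub ack_delay: u64,
    pub ranges: Vec<(u64, u64)>,      // inclusive (smallest, largest), highest range first
    pub ecn: Option<(u64, u64, u64)>, // (ECT0, ECT1, ECN-CE), only for frame type 0x03
}

/// Parse an ACK frame (RFC 9000 §19.3) starting at its type byte.
pub fn parse_ack_frame(c: &mut Cursor) -> Result<AckFrame, ParseError> {
    let frame_type = c.get_u8()?;
    if frame_type != 0x02 && frame_type != 0x03 {
        return Err(ParseError::UnknownFrameType(frame_type));
    }
    let largest_acked = c.get_varint()?;
    let ack_delay = c.get_varint()?;
    let range_count = c.get_varint()?;
    // Enforce the cap before allocating or looping: a 4-byte varint can claim
    // ~2^30 ranges, and a 7-byte frame must not be allowed to cost that much work.
    if range_count > MAX_ACK_RANGES {
        return Err(ParseError::TooManyAckRanges(range_count));
    }
    let first_range = c.get_varint()?;
    let mut smallest = largest_acked.checked_sub(first_range).ok_or(ParseError::InvalidRange)?;
    let mut ranges = Vec::with_capacity(range_count as usize + 1);
    ranges.push((smallest, largest_acked));
    for _ in 0..range_count {
        let gap = c.get_varint()?;
        let len = c.get_varint()?;
        // §19.3.1: next largest = previous smallest - gap - 2; checked_sub
        // rejects frames whose ranges would wrap below packet number 0.
        let largest = smallest
            .checked_sub(gap)
            .and_then(|v| v.checked_sub(2))
            .ok_or(ParseError::InvalidRange)?;
        smallest = largest.checked_sub(len).ok_or(ParseError::InvalidRange)?;
        ranges.push((smallest, largest));
    }
    let ecn = if frame_type == 0x03 {
        Some((c.get_varint()?, c.get_varint()?, c.get_varint()?))
    } else {
        None
    };
    Ok(AckFrame { largest_acked, ack_delay, ranges, ecn })
}

fn main() {
    // Constructed frames, not captured traffic.
    // Well-formed: largest=10, delay=0, one extra range -> acks 8..=10 and 2..=5.
    let good = [0x02u8, 0x0a, 0x00, 0x01, 0x02, 0x01, 0x03];
    println!("{:?}", parse_ack_frame(&mut Cursor::new(&good)));
    // Hostile: a 4-byte varint claims 0x3fffffff ranges inside a 7-byte frame.
    let flood = [0x02u8, 0x0a, 0x00, 0xbf, 0xff, 0xff, 0xff];
    println!("{:?}", parse_ack_frame(&mut Cursor::new(&flood)));
}
```

Two details carry the security weight: the range-count check sits before `Vec::with_capacity` and before the decode loop, so the attacker's advertised count never drives allocation or CPU; and the packet-number arithmetic uses `checked_sub`, so a frame whose gaps run below zero is rejected instead of wrapping.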