Change MsQuicConfiguration without migration #5184

omegaelit · 2025-06-26T12:41:49Z

omegaelit
Jun 26, 2025

Hi,

Is it possible to update MsQuicConfiguration dynamically without requiring client reconnections? I need to update server certificates on the fly. After some digging I discovered 2 potential solutions, but I'm not sure if they're the correct approaches:

Configuration changes can be applied to existing connections using migration. However, migration should be performed to a new port.
When my server has a new configuration, I must gracefully shutdown existing connections and wait for clients to reconnect
Are these the only options, or is there a better way to handle certificate updates without service interruption? What's the recommended approach for hot-swapping certificates in MsQuic?

Answered by nibanks

Jun 26, 2025

With TLS 1.3, client certificates are only exchanged during the handshake, and once accepted they don't matter anymore. So, there is no way to change a certificate post-handshake. You can only use a different one for new connections.

View full answer

nibanks · 2025-06-26T21:51:41Z

nibanks
Jun 26, 2025
Collaborator

With TLS 1.3, client certificates are only exchanged during the handshake, and once accepted they don't matter anymore. So, there is no way to change a certificate post-handshake. You can only use a different one for new connections.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Change MsQuicConfiguration without migration #5184

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Change MsQuicConfiguration without migration #5184

Uh oh!

Uh oh!

omegaelit Jun 26, 2025

Replies: 1 comment

Uh oh!

nibanks Jun 26, 2025 Collaborator

omegaelit
Jun 26, 2025

nibanks
Jun 26, 2025
Collaborator