changeset 9409:cf6f8ac919ba

QUIC: defined SSL API macros in a single place. All definitions now set in ngx_event_quic.h, this includes moving NGX_QUIC_OPENSSL_COMPAT from autotests to compile time. Further, to improve code readability, a new NGX_QUIC_QUICTLS_API macro is used for QuicTLS that provides old BoringSSL QUIC API.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 21 May 2025 03:54:45 +0400
parents eb8af216d0a2
children 36c5b3420f13
files auto/lib/openssl/conf src/event/quic/ngx_event_quic.c src/event/quic/ngx_event_quic.h src/event/quic/ngx_event_quic_openssl_compat.h src/event/quic/ngx_event_quic_ssl.c
diffstat 5 files changed, 17 insertions(+), 23 deletions(-) [+]
--- a/auto/lib/openssl/conf	Tue May 06 18:57:01 2025 +0400
+++ b/auto/lib/openssl/conf	Wed May 21 03:54:45 2025 +0400
@@ -12,7 +12,6 @@
 
     if [ $USE_OPENSSL_QUIC = YES ]; then
         have=NGX_QUIC . auto/have
-        have=NGX_QUIC_OPENSSL_COMPAT . auto/have
     fi
 
     case "$CC" in
@@ -154,8 +153,6 @@
                 . auto/feature
 
                 if [ $ngx_found = no ]; then
-                    have=NGX_QUIC_OPENSSL_COMPAT . auto/have
-
                     ngx_feature="OpenSSL QUIC compatibility"
                     ngx_feature_test="SSL_CTX_add_custom_ext(NULL, 0, 0,
                                                  NULL, NULL, NULL, NULL, NULL)"
--- a/src/event/quic/ngx_event_quic.c	Tue May 06 18:57:01 2025 +0400
+++ b/src/event/quic/ngx_event_quic.c	Wed May 21 03:54:45 2025 +0400
@@ -973,8 +973,8 @@
         return NGX_DECLINED;
     }
 
-#if !defined (OPENSSL_IS_BORINGSSL)
-    /* OpenSSL provides read keys for an application level before it's ready */
+#if (NGX_QUIC_QUICTLS_API)
+    /* QuicTLS provides app read keys before completing handshake */
 
     if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) {
         ngx_log_error(NGX_LOG_INFO, c->log, 0,
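Review bot: The new guard `#if (NGX_QUIC_QUICTLS_API)` is narrower than the `#if !defined (OPENSSL_IS_BORINGSSL)` it replaces, so LibreSSL builds and OpenSSL compat-layer builds no longer compile the check that handles application-level packets arriving while `!c->ssl->handshaked`. The commit message presents the change as a readability cleanup, so it is worth confirming that neither of those configurations can expose application read keys before the handshake completes; RFC 9001, 5.7 requires a server not to process 1-RTT packets before that point. If that holds, the comment could record it, for example `/* QuicTLS only: other libraries install app read keys after the handshake */`. The enclosing function and the body of the `if` continue outside the hunk.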
--- a/src/event/quic/ngx_event_quic.h	Tue May 06 18:57:01 2025 +0400
+++ b/src/event/quic/ngx_event_quic.h	Wed May 21 03:54:45 2025 +0400
@@ -12,6 +12,18 @@
 #include <ngx_core.h>
 
 
+#ifdef SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION
+#define NGX_QUIC_QUICTLS_API                 1
+
+#elif (defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER)
+#define NGX_QUIC_BORINGSSL_API               1
+
+#else
+#define NGX_QUIC_BORINGSSL_API               1
+#define NGX_QUIC_OPENSSL_COMPAT              1
+#endif
+
+
 #define NGX_QUIC_MAX_UDP_PAYLOAD_SIZE        65527
 
 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT  3
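Review bot: The `#ifdef SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION` test selects the right branch only if the SSL library headers have already been included at this point, and the hunk shows nothing but `#include <ngx_core.h>` above it, so that dependency is implicit. When the macro is not visible, or a library matches none of the tests, the `#else` branch silently enables `NGX_QUIC_OPENSSL_COMPAT` and every `#if (NGX_QUIC_QUICTLS_API)` block compiles out, including the handshake-state check in ngx_event_quic.c and the early-data call in ngx_event_quic_ssl.c. A short comment above the block would document both the ordering requirement and which library each branch stands for, e.g. `/* SSL library headers must be included before this point; QuicTLS is detected by its QUIC-specific error code */`.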
--- a/src/event/quic/ngx_event_quic_openssl_compat.h	Tue May 06 18:57:01 2025 +0400
+++ b/src/event/quic/ngx_event_quic_openssl_compat.h	Wed May 21 03:54:45 2025 +0400
@@ -7,11 +7,6 @@
 #ifndef _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
 #define _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_
 
-#if defined SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION                 \
-    || defined LIBRESSL_VERSION_NUMBER
-#undef NGX_QUIC_OPENSSL_COMPAT
-#else
-
 
 #include <ngx_config.h>
 #include <ngx_core.h>
@@ -53,7 +48,4 @@
 void SSL_get_peer_quic_transport_params(const SSL *ssl,
     const uint8_t **out_params, size_t *out_params_len);
 
-
-#endif /* TLSEXT_TYPE_quic_transport_parameters */
-
 #endif /* _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ */
--- a/src/event/quic/ngx_event_quic_ssl.c	Tue May 06 18:57:01 2025 +0400
+++ b/src/event/quic/ngx_event_quic_ssl.c	Wed May 21 03:54:45 2025 +0400
@@ -10,13 +10,6 @@
 #include <ngx_event_quic_connection.h>
 
 
-#if defined OPENSSL_IS_BORINGSSL                                              \
-    || defined LIBRESSL_VERSION_NUMBER                                        \
-    || NGX_QUIC_OPENSSL_COMPAT
-#define NGX_QUIC_BORINGSSL_API   1
-#endif
-
-
 /*
  * RFC 9000, 7.5.  Cryptographic Message Buffering
  *
@@ -32,7 +25,7 @@
 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
     const uint8_t *secret, size_t secret_len);
-#else
+#else /* NGX_QUIC_QUICTLS_API */
 static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
     enum ssl_encryption_level_t level, const uint8_t *read_secret,
     const uint8_t *write_secret, size_t secret_len);
@@ -108,7 +101,7 @@
     return 1;
 }
 
-#else
+#else /* NGX_QUIC_QUICTLS_API */
 
 static int
 ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
@@ -550,7 +543,7 @@
         return NGX_ERROR;
     }
 
-#ifdef OPENSSL_INFO_QUIC
+#if (NGX_QUIC_QUICTLS_API)
     if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
         SSL_set_quic_early_data_enabled(ssl_conn, 1);
     }