[ech] custom TLS client hello extensions

David Benjamin davidben at google.com
Thu Mar 2 18:08:47 UTC 2023


On Thu, Mar 2, 2023 at 10:43 AM Stephen <stephen at jell.ie> wrote:

>
> Hiya,
>
> On 02/03/2023 15:30, David Benjamin wrote:
> > There was some previous discussion of this here:
> >
> > https://github.com/tlswg/draft-ietf-tls-esni/issues/398#issuecomment-796287240
>
> Yep, another argument I lost:-)
>

With or without the compression mechanism, this issue would come up. This
question comes from the two-ClientHello design of ECH.


> > For existing API callers, I think the two reasonable options are to put it
> > in both or just in the inner ClientHello.
>
> Question for ya: does boring support the same custom
> extension handling APIs as openssl?
>

No. We removed it because we decided, per that discussion thread, that they
weren't a good idea given an evolving TLS protocol. Case in point, this
discussion. :-)


> If so, I guess we should do the same thing and have
> you done anything for that already?
>
> Ta,
> S.
>