[ech] custom TLS client hello extensions
Matt Caswell
matt at openssl.org
Fri Mar 3 09:45:30 UTC 2023
On 02/03/2023 16:48, Salz, Rich wrote:
>
>> Almost. The custom ext type would also need to be in the
>> inner CH (in compressed form) to get best interop I guess.
>
> Perhaps we can ask on the TLS list what people are expecting. I think "custom extensions" are not widely used. Maybe Matt has some feedback. I think, especially given OpenSSL's history, trying to anticipate all needs is a mistake. And then we're stuck with a misfit API, have to add "_ex" or worse "_ex2" functions and so on.
>
I think the main use case that I'm aware of for custom extensions is to
support signed_certificate_timestamp. There's no direct built-in support
for that but it's straightforward to add it via a "serverinfo" file
which uses the custom extensions API.
As previously mentioned we're using it internally for QUIC transport
parameters.
Matt