[ech] fuzzing ECH (Was: Re: ECH PR reviews...)
Salz, Rich
rsalz at akamai.com
Wed Dec 13 21:55:35 UTC 2023
> Does anyone have/know-of a published corpus that'd help the
fuzzer explore the space of ClientHello messages better, or
even code for a structure-aware thing (a la [1]) that knows TLS
presentation syntax?
Perhaps Juraj's TLS attacker[1] would be a good place to start. He has a paper[2] and has submitted bugs and fixes to OpenSSL in the past. Maybe he can get a grad student to do the work :)
[1] https://github.com/tls-attacker/TLS-Attacker
[2] https://www.nds.rub.de/research/publications/systematic-fuzzing-and-testing-tls-libraries/
More information about the ech
mailing list