[ech] custom TLS client hello extensions
Matt Caswell
matt at openssl.org
Thu Mar 2 10:34:26 UTC 2023
On 02/03/2023 01:25, Stephen Farrell wrote:
>
> Hiya,
>
> One of the outstanding things I need to figure out for
> ECH is how (or whether) to handle custom extensions [1]
> for client hello messages. So far, I've done basically
> nothing about those but at least considering it seems
> like a thing that needs doing.
>
> So - does anyone have a pointer to an example of code
> that uses such extensions? That'd help me try figure out
> how to handle 'em with ECH, if that turns out to be
> needed. (Or to at least test that I'm not breaking
> stuff:-)
Well there are some tests of the custom extensions code here:
https://github.com/openssl/openssl/blob/d0a3b9d1eb1fc510ec3447b44803bbf5520a0c47/test/sslapitest.c#L5837-L6069
The "serverinfo" code also uses custom extensions internally, so this
test is also relevant:
https://github.com/openssl/openssl/blob/d0a3b9d1eb1fc510ec3447b44803bbf5520a0c47/test/sslapitest.c#L6116-L6201
The QUIC transport parameters are also implemented via custom extensions
- but this uses some internal APIs to do it so I'm not sure how easy it
would be to isolate this code:
https://github.com/openssl/openssl/blob/d0a3b9d1eb1fc510ec3447b44803bbf5520a0c47/ssl/quic/quic_tls.c#L671-L683
Matt
More information about the ech
mailing list