[ech] custom TLS client hello extensions

Matt Caswell matt at openssl.org
Fri Mar 3 09:45:30 UTC 2023

On 02/03/2023 16:48, Salz, Rich wrote:
>> Almost. The custom ext type would also need to be in the
> inner CH (in compressed form) to get best interop I guess.
> Perhaps we can ask on the TLS list what people are expecting. I think "custom extensions" are not widely used.  Maybe Matt has some feedback. I think, especially given OpenSSL's history, trying to anticipate all needs is a mistake. And then we're stuck with a misfit API, have to add "_ex" or worse "_ex2" functions and so on.

I think the main use case that I'm aware of for custom extensions is to 
support signed_certificate_timestamp. There's no direct built-in support 
for that but its straight forward to add it via a "serverinfo" file 
which uses the custom extensions API.

As previously mentioned we're using it internally for quic transport 


More information about the ech mailing list