[ech] custom TLS client hello extensions

Stephen Farrell stephen.farrell at cs.tcd.ie
Sun Mar 5 23:36:47 UTC 2023


Hiya,

Thanks all for the discussion.

On 02/03/2023 15:25, Stephen Farrell wrote:
> I coded up a test - it didn't crash or leak, but of
> course didn't work first time:-) Will work that in the
> coming days.

I've gotten that working now [1] with not too much
wrangling, and added some test code and a note in
the ECH design doc [2].

To reprise: [1] means that custom extension APIs
need no change, that the values are sent in the
outer CH and compressed in the inner CH, so get
no added protection from ECH (for now).

I guess I'll send a note to the openssl-users list
just to check that outcome doesn't upset someone.
([1] still needs a bit more tidy-up to keep CI tests
happy, so I'll fix those before sending a mail to
openssl-users)

Cheers,
S.

[1] https://github.com/sftcd/openssl/commit/4b6be680f7a67602a18078df169a5f8a56058299
[2] https://github.com/sftcd/openssl/commit/7e2ee8a21f6613423abed9d2953dc71401ed51c5
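
The outcome described in the message above (custom extension sent in the outer CH and compressed in the inner CH), as an added Python sketch that is not part of the original mail or of the OpenSSL ECH code: it rebuilds the inner extension list from an `ech_outer_extensions` reference the way the ECH draft describes and shows that the custom value is readable in the outer CH. The function names, the custom extension type 0xFFA5 and all sample values are assumptions made up for illustration; 0xfd00 and 0xfe0d are the ECH draft codepoints.

```python
import struct

ECH_OUTER_EXTENSIONS = 0xFD00    # ech_outer_extensions (ECH draft codepoint)
ENCRYPTED_CLIENT_HELLO = 0xFE0D  # encrypted_client_hello (ECH draft codepoint)
CUSTOM_EXT = 0xFFA5              # hypothetical custom extension type (assumption)

def sni(name):
    """Encode a server_name extension body holding one host_name entry."""
    n = name.encode()
    return struct.pack("!HBH", len(n) + 3, 0, len(n)) + n

def decompress_inner(encoded_inner, outer):
    """Rebuild the inner extension list as an ECH server does: each type listed
    in ech_outer_extensions is replaced by the matching outer CH extension."""
    result, outer_iter = [], iter(outer)
    for etype, data in encoded_inner:
        if etype != ECH_OUTER_EXTENSIONS:
            result.append((etype, data))
            continue
        # Body is a one-byte length followed by two-byte extension types.
        if len(data) < 3 or data[0] != len(data) - 1 or data[0] % 2:
            raise ValueError("malformed ech_outer_extensions")
        for ref in struct.unpack("!%dH" % (data[0] // 2), data[1:]):
            if ref == ENCRYPTED_CLIENT_HELLO:
                raise ValueError("must not reference the ECH extension itself")
            # Forward-only scan: enforces outer CH order and rejects duplicates.
            for otype, odata in outer_iter:
                if otype == ref:
                    result.append((otype, odata))
                    break
            else:
                raise ValueError("referenced extension missing from outer CH")
    return result

def exposed_in_outer(encoded_inner, outer):
    """Inner extensions whose exact bytes an on-path observer sees in the outer CH."""
    return [e for e in decompress_inner(encoded_inner, outer) if e in outer]

# Constructed sample data (not captured traffic): (type, body) pairs.
OUTER = [(0, sni("public.example")),
         (CUSTOM_EXT, b"tenant=acme"),
         (ENCRYPTED_CLIENT_HELLO, b"<opaque ECH payload>")]
ENCODED_INNER = [(0, sni("secret.example")),
                 (ECH_OUTER_EXTENSIONS, struct.pack("!BH", 2, CUSTOM_EXT))]

if __name__ == "__main__":
    for etype, body in exposed_in_outer(ENCODED_INNER, OUTER):
        print("0x%04x readable in outer CH: %r" % (etype, body))
```

The inner server name stays inside the encrypted payload, while the custom extension's value is recovered purely from cleartext outer CH bytes.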
