[ech] TLSProxy and ECH

[Stephen Farrell]

Hi Matt,

On 22/03/2023 11:31, Matt Caswell wrote:
> 
> There *is* a potential alternative in the form of the QUIC fault 
> injector which does much the same thing but for QUIC. It includes the 
> ability to inject TLS faults into a QUIC TLS handshake. It does this 
> from pure C code. I believe it would be possible to extend the concept 
> to be able to do the same thing for standalone TLS.

Thanks for that, will take a peek at it.

I was more or less reaching the conclusion that something
along those lines will be needed for ECH - during the
original development I managed to break things in fun ways
that really need to be part of the test suite, e.g. to check
the de-compression stuff that's done on a server in the face
of badly done compression (compression here meaning the ECH
concept of including a set of extension types in the encoded
inner CH where the extension values for the finally decoded
inner CH will have copies of the extension values from the
outer CH).

I figure I might be able to do some such tests using sets
of sample fragments of captured ClientHello messages and
then using the HPKE APIs to create ECH values that will
decrypt ok, but where the recovered plaintext is borked
in various ways.

Anyway, that's what I plan to investigate next. Will get
back when that's reached something someone could take a
useful look at.

Cheers,
S.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE4D8E9F997A833DD.asc
Type: application/pgp-keys
Size: 1197 bytes
Desc: OpenPGP public key
URL: <https://mta.openssl.org/pipermail/ech/attachments/20230322/b0dc64bb/attachment.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://mta.openssl.org/pipermail/ech/attachments/20230322/b0dc64bb/attachment.sig>