[ech] TLSProxy and ECH

Wed Mar 22 11:12:02 UTC 2023

On Tuesday, 21 March 2023 21:24:38 CET, Dmitry Belyavsky wrote:
> Dear Stephen,
>
> I'd consider TLSfuzzer (written in Python) for this purpose

While tlsfuzzer doesn't support ECH (or the earlier ESNI) it's something
we'd definitely like to have: 
https://github.com/tlsfuzzer/tlsfuzzer/issues/606

Tlsfuzzer is also integrated into openssl test suite (though not all test
cases are executed).

The other upside is that tlsfuzzer is intended to be
server-agnosic, so test cases in it will be useful for other 
implementations
too (improving interoperability in general).
In some ways it's also useful in that it re-implements all the algorithms
in pure python (for portability) so it effectively also tests the 
algorithms
against a completely different implementation.

> On Tue, 21 Mar 2023, 20:19 Stephen Farrell, <stephen.farrell at cs.tcd.ie>
> wrote:
>
>> 
>> Hiya,
>> 
>> My possibly incorrect understanding is that the TLSProxy
>> is a bunch of perl code used for tests, that re-implements
>> variants of the TLS handshake so they can contain e.g. badly
>> encoded messages.
>> 
>> Something like that is definitely needed to properly test
>> ECH, but I don't currently speak perl:-) So I wanted to
>> check if that perl TLSProxy code is the long term plan or
>> if it's something felt to be approaching end of life? (I'm
>> willing to try dive in to it, but don't wanna do that if
>> some other plan would be better longer term.)
>> 
>> Thoughts?
>> 
>> Thanks,
>> S.
>> --
>> ech mailing list
>> ech at openssl.org
>> https://mta.openssl.org/mailman/listinfo/ech
>> 
>
>

-- 
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic