Encrypted Client Hello #496

Open
12 of 23 tasks
kazu-yamamoto opened this issue Feb 28, 2025 · 1 comment

@kazu-yamamoto
Collaborator

kazu-yamamoto commented Feb 28, 2025

  • Enhancing crypton library for HPKE
    • uploading to Hackage
  • hpke library
    • uploading to Hackage
  • ech-config library to glue DNS and TLS
    • uploading to Hackage
  • ECH server
    • Full handshake
    • HelloRetryRequest
    • Interop
      • DEfO OpenSSL
      • picotls
      • boringSSL
      • NSS
  • ECH client
    • Full handshake
    • HelloRetryRequest
    • Grease PSK
    • Grease ECH
    • Interop
      • DEfO OpenSSL
      • picotls
      • boringSSL
      • NSS
  • Common
    • HPKE error to TLS error
    • Error cases
    • Testing with hspec
@kazu-yamamoto
Collaborator Author

Client usage

Assuming our server supports X25519 only.

DEfO OpenSSL

% util/opensslwrap.sh s_client -4 -connect localhost:4433 \
   -ech_config_list `base64 -i localhost-public.conf` \
   -alpn http/1.1 \
   -servername localhost
% util/opensslwrap.sh s_client -4 -connect localhost:4433 \
   -ech_config_list `base64 -i localhost-public.conf` \
   -alpn http/1.1 \
   -servername localhost \
   -curves P-256:X25519

picotls

% cli -4 -N x25519 -E localhost-public.conf localhost 4433
% cli -4 -n -N x25519 -E localhost-public.conf localhost 4433

BoringSSL

% build/tool/bssl client -connect 127.0.0.1:4433 \
    -ech-config-list localhost-public.conf \
    -server-name localhost
% build/tool/bssl client -connect 127.0.0.1:4433 \
    -ech-config-list localhost-public.conf \
    -server-name localhost \
    -curves P-256:X25519

NSS

% dist/$PLATFORM/bin/tstclnt -D -o -v \
    -V tls1.3:tls1.3 \
    -h 127.0.0.1 -p 4433 \
    -N `base64 -i localhost-public.conf` \
    -a localhost-public \
    -v
% dist/$PLATFORM/bin/tstclnt -D -o -v \
    -V tls1.3:tls1.3 \
    -h 127.0.0.1 -p 4433 \
    -N `base64 -i localhost-public.conf` \
    -a localhost-public \
    -v \
    -I P521,x25519
