Hiya,
I just rebased my ECH-enabled curl fork. [1] My tests with 8.6.1 show up something new/bad compared to my previous 8.6.0 build.

I have some ``openssl s_server -WWW`` listeners (e.g. at [2]) for test purposes. s_server is useful for when I want to see mega tracing sometimes or to run against a server inside gdb. With 8.6.0 that worked fine. With 8.6.1 it seems ECH still works and the HTTPS response is fine, but the client blocks and holds open or doesn't close the TCP connection.

``openssl s_server -WWW`` is of course a mega-basic type of not-really a proper web server, but it would still be good if this worked as before.

Turning on or off ECH doesn't affect the behaviour. My 8.6.1 build works fine vs. ECH-enabled apache, nginx, lighttpd and haproxy servers as before.

If I add a ``-m 2`` timeout to the client command line, it times out returning 28 as expected. Without that it hangs there for as long as I've been willing to wait :-) I tried some HTTP protocol variations, e.g. ``--http1.1``, but that doesn't seem to affect things.

I'm just starting to look into this, but any ideas as to where to look? E.g. changes between 8.6.0 and 8.6.1 that might affect how a TLS close_notify is handled or how the client closes a TCP socket when running a v. basic or unknown version of HTTP?

Thanks,
S.

[1] https://github.com/sftcd/curl/tree/ECH-experimental
[2] https://draft-13.esni.defo.ie:8413/stats