Hiya,

A few months back I posted a PR [1] for ECH. The ECH spec has now finished working group last call in the IETF TLS WG [2] so will likely become an RFC with no substantive change in a few months.

My PR [1] has support for use of OpenSSL (via my ECH-enabled fork), and for boringssl and wolfssl.

If there's an appetite for moving this along to be an experimental feature, I'd be able to devote some time to that in the next while. (Not that I've figured out curl release cycles, so "next while" is fairly flexible:-)

The main missing things before this could be said to be fully done would be:

- tests - there's currently a separate bash script for doing tests as I'm not sure how to create real ECH tests without implementing an ECH-enabled server just for the test harness
- the handling of HTTPS RRs is relatively basic for now, but improving on that would likely be better as a separate PR anyway, so that's probably not a biggie
- to the extent that boringssl even has "releases," ECH support for curl builds that use boringssl seems to work just fine
- I have a similar PR for ECH-enabling OpenSSL [3] but as that's a whopper of a PR, it'll likely be some time before OpenSSL releases include ECH
- last time I tested there was a bug in wolfssl's ECH handling (only in the exceptional case when one hits HRR) - I'm not sure if that's been fixed since or not

I'm not sure if any of the above would be considered a blocker for merging as an experimental feature.

Anyway, I'm available to respond to reviews and do bits of work if it's now timely to move this along. OTOH, if now's not the time, that's ok too.

Cheers,
S.

[1] https://github.com/curl/curl/pull/11922
[2] https://mailarchive.ietf.org/arch/msg/tls/PYohY5ND75ixDqupTY6bgNgitMY/
[3] https://github.com/openssl/openssl/pull/22938