Hi all,
I've been working on implementing TLS encrypted client hello (ECH, [1]) in the OpenSSL library (current branch at [2]). Apologies that this mail requires a bit of knowledge of what ECH does - I'd guess some folks on here will know that already but I'm happy to explain as needed.

I have various proof of concept integrations for my code including with nginx (branch at [3]). Adding support for ECH when nginx terminates TLS was pretty straightforward but I have a question about whether the direction I've taken for ECH in "split-mode" is sensible or not. ECH "split-mode" is where nginx will do the ECH decryption but the TLS session is negotiated between the client and the upstream.

I added some code [4] to the ssl preread stream module that does the ECH decryption of the initial ClientHello, then forwards on the decrypted ClientHello to the upstream. Again that was pretty easy and seems to work fine.

The question that I have relates to when the TLS handshake between client and upstream hits a HelloRetryRequest. In that case the client will ECH encrypt its second ClientHello but the ssl preread module doesn't get to see that 2nd ClientHello to attempt ECH decryption. So I ended up adding code [5] to the stream proxy module that checks if we're in that ECH split-mode + "pending" HRR state and attempts the ECH decryption if so. After (a lot:-) of trying to figure out where to put that code, it now also seems to work ok.

But, I'm wondering if that's the right way to handle doing things with the 2nd ClientHello when we hit HRR and are using the stream module(s) but nginx is not terminating the TLS session?

Any comments or advice most welcome!

Thanks,
Stephen.

PS: It'll be a while before ECH is part of the OpenSSL library but once that's happening I do plan to follow up submitting these changes as they are at that time.
[1] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
[2] https://github.com/sftcd/openssl/tree/ECH-draft-13c
[3] https://github.com/sftcd/nginx/tree/ECH-experimental
[4] https://github.com/sftcd/nginx/blob/ECH-experimental/src/stream/ngx_stream_ssl_preread_module.c#L129
[5] https://github.com/sftcd/nginx/blob/ECH-experimental/src/stream/ngx_stream_proxy_module.c#L1719
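The ClientHello / HelloRetryRequest / second ClientHello sequence the post describes, as an added example that is not part of the original message nor of the OpenSSL or nginx branches it references. It tracks, per direction, which records a split-mode proxy has to offer for ECH decryption: the first ClientHello, and, only if the upstream answers with an HRR, the client's second ClientHello. The ECH decryption itself is a caller-supplied hook (`decrypt_ech`, hypothetical); the `0xfe0d` extension codepoint is the one draft-13 uses and is an assumption for other drafts; the ClientHello and ServerHello bytes are constructed inline and carry a placeholder ECH payload, not a real ciphertext.

```python
"""ECH split-mode handshake tracking: CH1 -> (HRR) -> CH2.  Added example; not code from
the nginx or OpenSSL branches in the post.  ECH decryption is a hypothetical hook."""
import hashlib
import struct
from enum import Enum

ECH_EXT_TYPE = 0xFE0D  # encrypted_client_hello codepoint in draft-13 (assumption for other drafts)
# RFC 8446 4.1.3: a ServerHello whose random is SHA-256("HelloRetryRequest") is an HRR
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()


class State(Enum):
    EXPECT_CH1 = 1    # waiting for the client's first ClientHello
    EXPECT_SH = 2     # ClientHello forwarded, waiting for the upstream's ServerHello
    EXPECT_CH2 = 3    # upstream sent HRR: the client's second ClientHello is ECH-encrypted too
    PASSTHROUGH = 4   # nothing further for the proxy to inspect


def _u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]


def wrap_record(msg_type, body):
    """Wrap a handshake body in a handshake header and a TLS record header."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


def parse_handshake(record):
    """Return (msg_type, body) of the single handshake message in one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or 5 + _u16(record, 3) != len(record):
        raise ValueError("not a complete TLS handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated handshake message")
    return record[5], body


def hello_extensions(body, is_client):
    """Map {ext_type: ext_data} from a ClientHello (is_client) or ServerHello body."""
    off = 2 + 32                      # legacy_version + random
    off += 1 + body[off]              # legacy_session_id
    if is_client:
        off += 2 + _u16(body, off)    # cipher_suites vector
        off += 1 + body[off]          # compression_methods vector
    else:
        off += 2 + 1                  # cipher_suite + legacy_compression_method
    exts = {}
    if off == len(body):              # no extensions block at all
        return exts
    end = off + 2 + _u16(body, off)
    off += 2
    while off + 4 <= end:
        et, el = _u16(body, off), _u16(body, off + 2)
        exts[et] = body[off + 4:off + 4 + el]
        off += 4 + el
    return exts


def client_hello_body(exts):
    """Constructed ClientHello body: one cipher suite, null compression, given extensions."""
    blob = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in exts.items())
    return (b"\x03\x03" + bytes(32) + b"\x00"   # legacy_version, zero random, empty session_id
            + b"\x00\x02\x13\x01"                # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                        # compression_methods: null
            + struct.pack("!H", len(blob)) + blob)


def server_hello_record(random):
    """Constructed ServerHello with the given random and no extensions."""
    return wrap_record(2, b"\x03\x03" + random + b"\x00" + b"\x13\x01" + b"\x00" + b"\x00\x00")


class SplitModeTracker:
    """Decides, per direction, whether a record needs ECH handling before being forwarded."""

    def __init__(self, decrypt_ech):
        self.state = State.EXPECT_CH1
        self.decrypt_ech = decrypt_ech  # hypothetical hook(outer_body, ech_payload) -> inner body or None

    def from_client(self, record):
        """('decrypted', inner record) if an ECH ClientHello was replaced, else ('forward', record)."""
        if self.state not in (State.EXPECT_CH1, State.EXPECT_CH2):
            return "forward", record
        msg_type, body = parse_handshake(record)
        if msg_type != 1:
            raise ValueError("expected ClientHello")
        self.state = State.EXPECT_SH if self.state == State.EXPECT_CH1 else State.PASSTHROUGH
        ech = hello_extensions(body, is_client=True).get(ECH_EXT_TYPE)
        inner = self.decrypt_ech(body, ech) if ech is not None else None
        if inner is None:                  # no ECH, GREASE, or not our config: forward outer CH untouched
            return "forward", record
        return "decrypted", wrap_record(1, inner)

    def from_server(self, record):
        """'hrr' when the upstream's ServerHello is a HelloRetryRequest, else 'forward'."""
        if self.state != State.EXPECT_SH:
            return "forward"
        msg_type, body = parse_handshake(record)
        if msg_type != 2:
            raise ValueError("expected ServerHello")
        if body[2:34] == HRR_RANDOM:
            self.state = State.EXPECT_CH2  # the client's next ClientHello must be decrypted as well
            return "hrr"
        self.state = State.PASSTHROUGH
        return "forward"


def run_constructed_exchange():
    """Constructed flow: ECH ClientHello -> HRR from upstream -> second ECH ClientHello."""
    inner = client_hello_body({0x0000: b"\x00\x0d\x00\x00\x0ainner.test"})  # server_name "inner.test"
    tracker = SplitModeTracker(lambda outer_body, ech: inner)               # stands in for real ECH decryption
    outer = wrap_record(1, client_hello_body({ECH_EXT_TYPE: b"\xaa" * 16}))  # placeholder ECH payload
    first = tracker.from_client(outer)
    decisions = [first[0],
                 tracker.from_server(server_hello_record(HRR_RANDOM)),
                 tracker.from_client(outer)[0],
                 tracker.from_server(server_hello_record(bytes(32)))]
    return decisions, first[1]


if __name__ == "__main__":
    print(run_constructed_exchange()[0])  # ['decrypted', 'hrr', 'decrypted', 'forward']
```

The point the tracker makes explicit is the one the post raises: after the first ClientHello has been handed upstream, the proxy still has to watch the server direction for the HRR random, because that is the only signal that a second, again ECH-encrypted, ClientHello is coming and must not be forwarded as-is.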
nginx-devel mailing list: nginx-devel@nginx.org, https://mailman.nginx.org/mailman/listinfo/nginx-devel