On Sun, Sep 1, 2024 at 4:10 PM Daniel Lenski <dlen...@gmail.com> wrote:
>
> On Sun, Sep 1, 2024 at 1:46 PM Moorko <m...@moorko.net> wrote:
> >
> > Thanks for your detailed response, Daniel.
> >
> > I now realize that I clearly missed the big picture here as I'm relatively
> > new to this domain.
>
> No worries! Looks like you're tackling a tricky problem and asking the
> right questions :-)
>
> > > I'm not sure what "flexible" means specifically.
> >
> > I'm implementing a TLS handshake fragmentation feature for OpenConnect so
> > that it can better resist internet censorship in Iran (and potentially in
> > other places as well).
>
> Ah. We have a tag for Iran-censorship-related issues, definitely
> peruse these if you haven't already:
> https://gitlab.com/openconnect/openconnect/-/issues/?label_name%5B%5D=Damet%20Garm

You might also be interested in https://gitlab.com/openconnect/openconnect/-/merge_requests/297, where I added the `--sni` option to aid in https://en.wikipedia.org/wiki/Domain_fronting (another anti-censorship technique). That one also required some careful fine-tuning to handle the change in expectations of the server's TLS certificate when built with either OpenSSL or GnuTLS.

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel