chika0801 / sing-box-examples

sing-box configuration examples
https://github.com/SagerNet/sing-box

ECH #78

Closed bart3nder closed 7 months ago

bart3nder commented 7 months ago

Hi! Can you please provide an example of using ECH? Like where to configure it and with what parameters and values? Thanks!

chika0801 commented 7 months ago

How to add it in the ECH client and server configuration is something I think you'll understand if you check the documentation. How to generate key pairs for ECH, I was using the sing-box help command to check the author's tips for that.

Then I remembered that when this command is generated, it asks you to enter an SNI URL for the outer surface of the ECH. I asked someone else about this at the time, through Google searches and other means such as asking AI, and I was told that the advice was that the outer SNI URL is the same as the domain name that is included in my own SSL certificate that I actually use on my VPS. I tested it that way as well.

The other thing that I find difficult is the configuration file that both ends have to write the generated key pairs to. You have to pay attention to the JSON language format; you need to search for it yourself or ask the AI for a way to do it.

I did not use a packet capture program to measure the packet captured to show what the ECH outer URL is (I will not use a packet capture program). And I'm assuming that I've written the ECH configuration correctly on both ends. I don't know of any easy way to verify that it's actually working, other than grabbing packets.

And for example, in China, using ECH to access my VPS is also a strong feature when looking at the government firewall level. So I tested it and didn't continue to use it myself.

Another usage that I've heard discussed by others is that when you use a self-signed SSL certificate, the outer SNI of the ECH uses the URLs of other regular sites, which may have an effect. I haven't tried it.
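The packet-level check mentioned in the comment above can be scripted. The following is an added example, not part of the original thread or of the sing-box project: it parses one TLS ClientHello record and reports the cleartext (outer) SNI and whether the `encrypted_client_hello` extension (type 0xfe0d) is present. The function names, the `example.com` host names and the sample bytes are constructed for illustration, and it assumes the ClientHello fits in a single TLS record.

```python
import struct

SNI_EXT = 0x0000  # server_name
ECH_EXT = 0xFE0D  # encrypted_client_hello

def inspect_client_hello(record: bytes) -> dict:
    """Report the cleartext (outer) SNI and whether an ECH extension is present.

    Assumes the whole ClientHello sits in one TLS record (no fragmentation)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:]                 # skip record header (5) + handshake header (4)
    pos = 2 + 32                      # legacy_version + random
    pos += 1 + body[pos]              # legacy_session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]              # legacy_compression_methods
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    result = {"outer_sni": None, "ech_present": False}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4 : pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == SNI_EXT and len(data) >= 5:
            # list_len(2) name_type(1) name_len(2) host_name
            name_len = struct.unpack_from("!H", data, 3)[0]
            result["outer_sni"] = data[5 : 5 + name_len].decode("ascii")
        elif ext_type == ECH_EXT:
            result["ech_present"] = True
    return result

def build_sample_hello(sni: str, with_ech: bool) -> bytes:
    """Constructed sample ClientHello, not a real capture; the ECH body is filler."""
    def ext(ext_type: int, data: bytes) -> bytes:
        return struct.pack("!HH", ext_type, len(data)) + data
    name = sni.encode("ascii")
    exts = ext(SNI_EXT, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)
    if with_ech:
        exts += ext(ECH_EXT, b"\x00" + b"\xaa" * 16)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    # public.example.com / vps.example.com are placeholder names for illustration.
    print(inspect_client_hello(build_sample_hello("public.example.com", True)))
    print(inspect_client_hello(build_sample_hello("vps.example.com", False)))
```

Seeing the extension shows only that the client offered ECH under that outer name; whether the server accepted it is not visible in this record.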

bart3nder commented 7 months ago

Great explanation, thanks!