SSL_get0_ech_retry_configs for recovery from key mismatches
SSL_get0_ech_name_override for custom verifiers to support fallback to non-ECH
SSL_ech_accepted for completeness
The server APIs would also be good to add, and might be the best way to write a test, but they're a little more involved (EVP_HPKE_KEY has to be exposed in order to provide SSL_ECH_KEYS_add).
Hi, yes, I'll be getting to this shortly as we want to implement ECH for some internal rust projects. I'll add the client APIs as well. Will use this issue to track
Now that Cloudflare is rolling out ECH again, it'd be great to see the ECH client APIs exposed in
boring
:SSL_set1_ech_config_list
for basic supportSSL_get0_ech_retry_configs
for recovery from key mismatchesSSL_get0_ech_name_override
for custom verifiers to support fallback to non-ECHSSL_ech_accepted
for completenessThe server APIs would also be good to add, and might be the best way to write a test, but they're a little more involved (
EVP_HPKE_KEY
has to be exposed in order to provideSSL_ECH_KEYS_add
).