Support ESNI

[kriskwiatkowski]

The point of this ticket is to support E-SNI:

https://blog.cloudflare.com/encrypted-sni https://tools.ietf.org/html/draft-ietf-tls-esni-01

[f4nff]

good～

[CetinSert]

@henrydcase @f4nff @agl @henrydcase @FiloSottile Is there a version of this library or any other Go TLS 1.3 library with E-SNI support available for testing? I would like to setup a censorship circumvention tool for Korea.

[f4nff]

There are currently no golang libraries that can be tested for e-sni.

[Lekensteyn]

Status of the ecosystem:

• Latest version is https://tools.ietf.org/html/draft-ietf-tls-esni-03
• OpenSSL is waiting for the draft to be finished. https://github.com/openssl/openssl/issues/7482
• Firefox+NSS supports draft -01 https://bugzilla.mozilla.org/show_bug.cgi?id=1495120 https://github.com/nss-dev/nss/blob/8a8b92f05d2d/lib/ssl/tls13esni.c
• Cloudflare supports draft -01
• picotls supports it https://github.com/h2o/picotls/pull/155
• Go crypto/tls won't support it until ESNI is widely deployed: https://github.com/golang/go/issues/9671#issuecomment-439561672
• BoringSSL has a WIP patch for draft 4: https://boringssl-review.googlesource.com/c/boringssl/+/37704
• Chrome+boringssl does not support ESNI yet, work is in progress https://bugs.chromium.org/p/chromium/issues/detail?id=908132

Todo:

• Look at other implementations and try to come up with a reasonable API.

My initial thought is to include an array of ESNIKeys items. For TLS clients, the first item will be used. For TLS servers, a matching entry will be used. The DNS query should be handled outside crypto/tls, but we could provide some example code in a test (or maybe a separate package).

Alternatively, two functions fields could be created, ClientESNIKeys: ESNIKeys (which would be a single item) and GetServerESNIKeys: func(record_digest []byte). The return values are TBD, but as the server can also provide ESNIKeys in its response for use with future connections, this must somehow be exposed as well.

I'll investigate this later.