[ech] rewrite ESNI to ECH draft 15

h2o / picotls

TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)

538 stars 142 forks source link

[ech] rewrite ESNI to ECH draft 15 #437

Closed kazuho closed 1 year ago

kazuho commented 1 year ago

implementation:
- [x] full handshake
- [x] resumption
- [x] HRR
- [x] retry_config
- [x] ech_required alert
test:
- [x] confirm interop (done with crypto.cloudflare.com)
- [x] add basic tests
- [x] add matrix of tests (incl. rejection, HRR)

huitema commented 1 year ago

@kazuho do you want me to take a look at the failures on the windows test, such as https://ci.appveyor.com/project/kazuho/picotls/builds/45518912/job/ujvonq5v0g948lh5?

kazuho commented 1 year ago

@huitema Thanks I would appreciate that!

With this PR, picotls-esni is no longer built (src/esni.c is removed), with the assumption being that we do not need to provide people tools for building ECHConfigList or SVCB / HTTPS resource records.

I think that the removal has to be done on MSVC side.

kazuho commented 1 year ago

Let's merge this. It works, we have tests.

The API might be unstable. But the fact is that it cannot become stable until RFC is published.