openssl / project

Tracking of project related issues

Request for new feature branch: Encrypted Client Hello (ECH) #730

Closed sftcd closed 3 months ago

sftcd commented 3 months ago

Encrypted Client Hello (ECH) is a privacy enhancing extension to the TLS handshake that has been developed in the IETF TLS WG. The specification has undergone WG last call and should subsequently become an RFC in the not too distant future. ECH is currently implemented in browsers and is enabled by default. The boringssl and NSS implementations of TLS now include ECH and some other TLS libraries also have implementations. ECH for OpenSSL was previously discussed in https://github.com/openssl/openssl/issues/7482 and https://github.com/openssl/private/issues/528

Over the last few years, we have developed an ECH implementation that interoperates with browsers and other servers implementing ECH. The "development" branch for that is here. That implementation is fully-featured and includes test code but has not been reviewed by project members.

We also prepared a PR https://github.com/openssl/openssl/pull/22938 but that has not so far been reviewed, perhaps primarily due to its size. Unfortunately, ECH is a complex protocol change and affects many parts of the TLS implementation, leading to a PR that is likely too large to review within the 6-monthly release cadence. Hence the request for a feature branch.

We have some funding (from OTF) that covers my work to further develop this ECH implementation and to work with the project team, e.g. in response to reviews. (See https://defo.ie for details.) ECH code from that project has been added to curl as an experimental feature. We have proof-of-concept integrations of our ECH implementation with haproxy, apache, nginx and lighttpd. We also maintain a CI setup for our ECH code at https://github.com/defo-project/ that does a daily merge of our ECH enabled code with relevant upstreams and alerts us whenever merge issues arise. (So rebasing the proposed feature branch will be almost no cost.)

Reviewing this feature branch will require a commitment of time and effort from project team members.

If it makes sense to not name the feature branch "ECH" then fwiw we've used "ECH-experimental" as the name of the branches in other cases.

arapov commented 3 months ago

+1

levitte commented 3 months ago

+1

mattcaswell commented 3 months ago

This has been approved.

@t8m - please could you create the branch?

t8m commented 3 months ago

https://github.com/openssl/openssl/tree/feature/ech branch created