xvzcf / tls-interop-runner

Interoperability testing of TLS implementations.

Upgrade ECH target to draft-ietf-tls-esni-10 #44

Closed cjpatton closed 2 years ago

cjpatton commented 3 years ago

This PR updates the NSS and Cloudflare-Go endpoints to run the latest draft of ECH. It also updates the test-input generation code accordingly.

DO NOT MERGE: Before merging, the following changes need to be made.

  1. Remove build.sh and run.sh. These outdated test scripts are used to run the ECH test cases. (These aren't currently supported in the test runner.)
  2. ~Revert change to impl-endpoint/cloudflare-go/Dockerfile. Once https://github.com/cloudflare/go/pull/65 lands, update the file with the new commit.~
  3. Revert change to impl-endpoint/nss/Dockerfile. Once https://phabricator.services.mozilla.com/D108392 lands, update the file with the new revision.

NOTE: This PR confirms interop of ECH-10 between NSS and Cloudflare-Go. To test the NSS client against the Cloudflare-Go server, do

```
make testinputs
./build.sh nss cloudflare-go
./run.sh nss cloudflare-go ech-accept
```

Replace "ech-accept" with "ech-reject" to exercise the rejection codepath. Swap "nss" and "cloudflare-go" to test the Cloudflare-Go client against the NSS server.

cc/ @martinthomson, @chris-wood

xvzcf commented 2 years ago

Closing as this has gone stale.