Comments (4)
Status of the ecosystem:
- Latest version is https://tools.ietf.org/html/draft-ietf-tls-esni-03
- OpenSSL is waiting for the draft to be finished. openssl/openssl#7482
- Firefox+NSS supports draft -01 https://bugzilla.mozilla.org/show_bug.cgi?id=1495120 https://github.com/nss-dev/nss/blob/8a8b92f05d2d/lib/ssl/tls13esni.c
- Cloudflare supports draft -01
- picotls supports it h2o/picotls#155
- Go crypto/tls won't support it until ESNI is widely deployed: golang/go#9671 (comment)
- BoringSSL has a WIP patch for draft 4: https://boringssl-review.googlesource.com/c/boringssl/+/37704
- Chrome+boringssl does not support ESNI yet, work is in progress https://bugs.chromium.org/p/chromium/issues/detail?id=908132
Todo:
- Look at other implementations and try to come up with a reasonable API.
My initial thought is to include an array of ESNIKeys items. For TLS clients, the first item will be used. For TLS servers, a matching entry will be used. The DNS query should be handled outside crypto/tls, but we could provide some example code in a test (or maybe a separate package).
Alternatively, two function fields could be created, ClientESNIKeys: ESNIKeys (which would be a single item) and GetServerESNIKeys: func(record_digest []byte). The return values are TBD, but as the server can also provide ESNIKeys in its response for use with future connections, this must somehow be exposed as well.
I'll investigate this later.
from tls-tris.
good~
from tls-tris.
@henrydcase @f4nff @agl @henrydcase @FiloSottile
Is there a version of this library or any other Go TLS 1.3 library with E-SNI support available for testing?
I would like to set up a censorship circumvention tool for Korea.
from tls-tris.
There are currently no golang libraries that can be tested for e-sni.
from tls-tris.