Pretty cool. I'm still reading up on each but can this also be done for https termination? Is the SSL pre-read limitation the main issue there?
On Thu, 1 Jun 2023, 9:31 pm Stephen Farrell, <stephen.farr...@cs.tcd.ie> wrote: > > Hi all, > > I've been working on implementing TLS encrypted client hello > (ECH, [1]) in the OpenSSL library (current branch at [2]). > Apologies that this mail requires a bit of knowledge of > what ECH does - I'd guess some folks on here will know that > already but I'm happy to explain as needed. > > I have various proof of concept integrations for my code > including with nginx (branch at [3]). Adding support for > ECH when nginx terminates TLS was pretty straightforward > but I have a question about whether the direction I've > taken for ECH in "split-mode" is sensible or not. > > ECH "split-mode" is where nginx will do the ECH decryption > but the TLS session is negotiated between the client and > the upstream. I added some code [4] to the ssl preread > stream module that does the ECH decryption of the initial > ClientHello, then forwards on the decrypted ClientHello to > the upstream. Again that was pretty easy and seems to work > fine. > > The question that I have relates to when the TLS handshake > between client and upstream hits a HelloRetryRequest. In > that case the client will ECH encrypt it's second ClientHello > but the ssl preread module doesn't get to see that 2nd > ClientHello to attempt ECH decryption. > > So I ended up adding code [5] to the stream proxy module that > checks if we're in that ECH split-mode + "pending" HRR state > and attempts the ECH decryption if so. After (a lot:-) of > trying to figure out where to put that code, it now also > seems to work ok. > > But, I'm wondering if that's the right way to handle doing > things with the 2nd ClientHello when we hit HRR and are > using the stream module(s) but nginx is not terminating > the TLS session? > > Any comments or advice most welcome! > > Thanks, > Stephen. > > PS: It'll be a while before ECH is part of the OpenSSL > library but once that's happening I do plan to follow up > submitting these changes as they are at that time. > > [1] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ > [2] https://github.com/sftcd/openssl/tree/ECH-draft-13c > [3] https://github.com/sftcd/nginx/tree/ECH-experimental > [4] > > https://github.com/sftcd/nginx/blob/ECH-experimental/src/stream/ngx_stream_ssl_preread_module.c#L129 > [5] > > https://github.com/sftcd/nginx/blob/ECH-experimental/src/stream/ngx_stream_proxy_module.c#L1719 > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx-devel >
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
