Hi, I think I have a working ESNI client, but I'm encountering a strange error testing with Cloudflare.
I initially tested with "cloudflare.com", but found this was a bad idea, because that host doesn't seem to require an SNI or ESNI. So, a bogus ESNI triggered no errors. When my client sends an ESNI to a Cloudfront-fronted domain, I get a handshake_failure error (40). According to the -02 draft, this should only happen if the server fails to negotiate TLS 1.3. I've got my client configured for TLS 1.3 only, so this shouldn't be an issue. When I add an unencrypted SNI to an otherwise identical ClientHello, everything works over TLS 1.3. If there are problems with my ESNI encryption, I should see other errors. Things like "illegal_parameter" or "decrypt_error", right? In Wireshark, I can at least see that my encrypted_server_name extension matches Firefox's cipher and key share entries, and the lengths of record_digest and encrypted_sni are the same. Firefox does send some extensions I don't, like ALPN. Does the absence of unencrypted SNI imply the presence of other extensions? I also wondered about extension order. Since the ClientHello.key_share is part of the ESNI calculation, does it need to appear first in the extensions list? thanks, Rob
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
