HPKE recently removed the Hash() interface from the KDF, which means we need to either (a) change how the config_digest (formerly record_digest) is computed, or (b) constrain ECH to HKDF-based HPKE ciphersuites. This PR takes approach (b):
https://github.com/tlswg/draft-ietf-tls-esni/pull/271 Please have a look and provide feedback. Thanks, Chris _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
