Hiya,

I've put up a bunch of server instances for ECH draft-13 interop as described below and at [1].

- OpenSSL s_server: draft-13.esni.defo.ie:8413 using all algs
- OpenSSL s_server: draft-13.esni.defo.ie:8414 likely forces HRR as it only likes P-384 for TLS
- lighttpd: draft-13.esni.defo.ie:9413
- nginx: draft-13.esni.defo.ie:10413
- apache: draft-13.esni.defo.ie:11413
- haproxy: draft-13.esni.defo.ie:12413 shared mode (haproxy terminates TLS)
- haproxy: draft-13.esni.defo.ie:12414 split mode (haproxy only decrypts ECH)

Those all use the latest branch of my OpenSSL fork [2]. There are links to the server source for each at [1]. Each of the above has keys (well, the same key:-) published in DNS.

I also think my (of course still radically imperfect:-) code interops with boringssl and the test server Cloudflare have put up.

I've still to try to get HRR working in split mode but will be working on that shortly. Other than that though, the spec seems implementable, if complex for my wee brain:-)

Those aren't set up to be resilient as I'd like to see some detail if they crash, so in that case, or if stuff just doesn't work, mail me and we can figure a way to test stuff.

Cheers,
S.

[1] https://defo.ie/
[2] https://github.com/sftcd/openssl/tree/ECH-draft-13a
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls