Thanks, Stephen! For the record, Cloudflare's test server is crypto.cloudflare.com. Like draft-13.esni.defo.ie:8413, you can trigger HRR by offering only a P-384 key share in the initial ClientHello.
Best,
Chris P.

On Tue, Sep 14, 2021 at 5:12 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
> Hiya,
>
> I've put up a bunch of server instances for ECH draft-13
> interop as described below and at [1].
>
> - OpenSSL s_server: draft-13.esni.defo.ie:8413 using all algs
> - OpenSSL s_server: draft-13.esni.defo.ie:8414 likely forces
>   HRR as it only likes P-384 for TLS
> - lighttpd: draft-13.esni.defo.ie:9413
> - nginx: draft-13.esni.defo.ie:10413
> - apache: draft-13.esni.defo.ie:11413
> - haproxy: draft-13.esni.defo.ie:12413 shared mode
>   (haproxy terminates TLS)
> - haproxy: draft-13.esni.defo.ie:12414 split mode
>   (haproxy only decrypts ECH)
>
> Those all use the latest branch of my OpenSSL fork [2]. There
> are links to the server source for each at [1]. Each of the
> above has keys (well, the same key:-) published in DNS.
>
> I also think my (of course still radically imperfect:-) code
> interops with boringssl and the test server Cloudflare have
> put up. I've still to try to get HRR working in split mode but
> will be working on that shortly; other than that though, the
> spec seems implementable, if complex for my wee brain:-)
>
> Those aren't set up to be resilient as I'd like to see some
> detail if they crash, so in that case, or if stuff just
> doesn't work, mail me and we can figure a way to test stuff.
>
> Cheers,
> S.
>
> [1] https://defo.ie/
> [2] https://github.com/sftcd/openssl/tree/ECH-draft-13a
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
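The HRR trigger both messages rely on (a ClientHello whose key_share carries only a P-384 entry, or only an X25519 entry against the P-384-only server on port 8414) is the server-side group selection of RFC 8446 section 4.1.4. The following is an added, self-contained illustration of that mechanism in Python; it is not code from this thread, from Stephen's OpenSSL fork, or from any of the listed servers. It assumes a server preference list in which X25519 ranks above P-384 (the page does not state what group order the Cloudflare test server uses), and the key_share entries carry constructed placeholder bytes of the right length rather than real ephemeral keys, since HRR selection only looks at the group IDs. The ClientHello/HelloRetryRequest framing follows RFC 8446; no ECH extension is built here.

```python
"""Why a P-384-only key_share draws a HelloRetryRequest (RFC 8446 s.4.1.4).

Builds a TLS 1.3 ClientHello, runs a server's group selection over it, and
emits the HelloRetryRequest a server that prefers X25519 would answer with.
"""
import os
import struct

# NamedGroup values (RFC 8446 s.4.2.7) and public-key length per key_share entry.
SECP256R1, SECP384R1, X25519 = 0x0017, 0x0018, 0x001D
KEY_LEN = {SECP256R1: 65, SECP384R1: 97, X25519: 32}

# ExtensionType values (RFC 8446 s.4.2).
EXT_SUPPORTED_GROUPS, EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 0x000A, 0x002B, 0x0033

# ServerHello.random value that marks a HelloRetryRequest (RFC 8446 s.4.1.3).
HRR_RANDOM = bytes.fromhex(
    "CF21AD74E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C")


def _vec(data, len_bytes):
    """Length-prefixed vector: big-endian length of `len_bytes` bytes, then data."""
    return len(data).to_bytes(len_bytes, "big") + data


def _ext(ext_type, body):
    return struct.pack(">HH", ext_type, len(body)) + body


def _handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def build_client_hello(supported_groups, key_share_groups):
    """ClientHello offering `supported_groups` but shipping key_share entries
    only for `key_share_groups` (the mismatch that invites an HRR)."""
    entries = b""
    for g in key_share_groups:
        # Constructed placeholder public key of the right length; a real client
        # puts a genuine ephemeral key here, but selection never reads the bytes.
        pub = os.urandom(KEY_LEN[g])
        if g != X25519:
            pub = b"\x04" + pub[1:]          # uncompressed-point marker for EC groups
        entries += struct.pack(">H", g) + _vec(pub, 2)
    extensions = (
        _ext(EXT_SUPPORTED_VERSIONS, _vec(b"\x03\x04", 1))
        + _ext(EXT_SUPPORTED_GROUPS,
               _vec(b"".join(struct.pack(">H", g) for g in supported_groups), 2))
        + _ext(EXT_KEY_SHARE, _vec(entries, 2)))
    body = (b"\x03\x03" + os.urandom(32)                 # legacy_version, random
            + _vec(os.urandom(32), 1)                    # legacy_session_id
            + _vec(bytes.fromhex("130113021303"), 2)     # AES-128-GCM, AES-256-GCM, ChaCha20
            + _vec(b"\x00", 1)                           # legacy_compression_methods
            + _vec(extensions, 2))
    return _handshake(0x01, body)


def parse_client_hello(msg):
    """Return (session_id, supported_groups, key_share_groups) from a ClientHello."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                                         # skip legacy_version + random
    session_id = body[pos + 1:pos + 1 + body[pos]]
    pos += 1 + body[pos]
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # skip cipher_suites
    pos += 1 + body[pos]                                 # skip compression methods
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    supported, shares = [], []
    while pos < end:
        etype, elen = struct.unpack(">HH", body[pos:pos + 4])
        data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
        if etype == EXT_SUPPORTED_GROUPS:
            n = int.from_bytes(data[:2], "big")
            supported = list(struct.unpack(">%dH" % (n // 2), data[2:2 + n]))
        elif etype == EXT_KEY_SHARE:
            p, stop = 2, 2 + int.from_bytes(data[:2], "big")
            while p < stop:                              # walk KeyShareEntry list
                g, klen = struct.unpack(">HH", data[p:p + 4])
                shares.append(g)
                p += 4 + klen
    return session_id, supported, shares


def build_hello_retry_request(session_id, group, cipher_suite=0x1301):
    """An HRR is a ServerHello with the sentinel random and a key_share that
    names only the group the client must retry with."""
    extensions = (_ext(EXT_SUPPORTED_VERSIONS, b"\x03\x04")
                  + _ext(EXT_KEY_SHARE, struct.pack(">H", group)))
    body = (b"\x03\x03" + HRR_RANDOM + _vec(session_id, 1)
            + struct.pack(">H", cipher_suite) + b"\x00" + _vec(extensions, 2))
    return _handshake(0x02, body)


def server_select(msg, server_prefs):
    """Server view of RFC 8446 s.4.1.4: the first server-preferred group the
    client supports wins; with no key_share for it, answer HelloRetryRequest.
    Returns ("ok", group, None), ("hrr", group, hrr_msg) or ("abort", None, None)."""
    session_id, supported, shares = parse_client_hello(msg)
    for g in server_prefs:
        if g not in supported:
            continue
        if g in shares:
            return ("ok", g, None)
        return ("hrr", g, build_hello_retry_request(session_id, g))
    return ("abort", None, None)


def is_hello_retry_request(server_hello):
    """Clients recognise an HRR purely by the random field (RFC 8446 s.4.1.3)."""
    return server_hello[0] == 0x02 and server_hello[6:38] == HRR_RANDOM


if __name__ == "__main__":
    # Client as in the thread: X25519 and P-384 offered, only a P-384 share sent.
    ch = build_client_hello([X25519, SECP384R1], [SECP384R1])
    verdict, group, hrr = server_select(ch, [X25519, SECP256R1, SECP384R1])
    print(verdict, hex(group), is_hello_retry_request(hrr))   # hrr 0x1d True
```

The port 8414 server in Stephen's list is the mirror image: a client that ships only an X25519 share against a server whose preference list is just P-384 gets an HRR naming P-384, and a client whose supported_groups has no overlap with the server's list gets an abort rather than a retry. Either way the second ClientHello must carry a key_share for exactly the group named in the HRR, which is the path the split-mode haproxy setup still has to handle for ECH.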