Hi, I thought I would pass on a useful development configuration I've found for ECH:

1) Run https://github.com/FiloSottile/mkcert as in the readme, and add a cert for "localhost", "example.com", etc.

2) Install Cloudflare's copy of Go and its standard library, https://github.com/cloudflare/go, using these instructions: https://go.dev/doc/install/source

3) Generate ECH keys and configs with BoringSSL: https://github.com/google/boringssl/commit/7a817f48bafee508b2d23ad278f892ee1cb32b91 (but add a -max-name-length argument, I used 128 to test padding)

4) BoringSSL will produce "ech.key" and "ech_config.data" for the server, and "ech_config_list.data" for the client. Encode "ech.key" as a U16 TLS payload, then encode "ech_config.data" as a TLS struct, and then encode the serialized TLS struct as a U16 TLS payload.

5) Write a little server like this: https://gist.github.com/sayrer/043203ef601d9adca1b357c82041cbc9

Now you can edit and log the Go TLS standard library code to test your client, so you're not testing against your own assumptions or a remote server you can't debug.

thanks,
Rob

_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
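
One reading of the framing in step 4, as an added example that is not code from the post, the gist, BoringSSL or Cloudflare's Go. It assumes "ech_config.data" already holds one serialized ECHConfig (uint16 version, uint16 length, contents) and that the server wants the private key and the config each behind a 2-byte big-endian length prefix, concatenated; the function names are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// u16Prefixed returns b as a TLS opaque<0..2^16-1>: 2-byte big-endian length, then b.
func u16Prefixed(b []byte) ([]byte, error) {
	if len(b) > 0xffff {
		return nil, errors.New("payload exceeds 65535 bytes")
	}
	out := append(make([]byte, 2, 2+len(b)), b...)
	binary.BigEndian.PutUint16(out, uint16(len(b)))
	return out, nil
}

// checkECHConfig checks the framing of one serialized ECHConfig and returns its version.
func checkECHConfig(cfg []byte) (uint16, error) {
	if len(cfg) < 4 {
		return 0, errors.New("ECHConfig shorter than its 4-byte header")
	}
	if n := int(binary.BigEndian.Uint16(cfg[2:4])); n != len(cfg)-4 {
		return 0, fmt.Errorf("length field says %d, but %d bytes follow", n, len(cfg)-4)
	}
	return binary.BigEndian.Uint16(cfg[:2]), nil
}

// buildKeyBlob (hypothetical name) emits u16(key) || u16(ECHConfig).
// Assumption: key is the content of ech.key, cfg the content of ech_config.data.
func buildKeyBlob(key, cfg []byte) ([]byte, error) {
	if _, err := checkECHConfig(cfg); err != nil {
		return nil, err
	}
	var blob []byte
	for _, part := range [][]byte{key, cfg} {
		p, err := u16Prefixed(part)
		if err != nil {
			return nil, err
		}
		blob = append(blob, p...)
	}
	return blob, nil
}

func main() { // constructed sample bytes, not real key material
	blob, err := buildKeyBlob([]byte{1, 2, 3}, []byte{0xfe, 0x0d, 0, 2, 0xaa, 0xbb})
	fmt.Printf("%x %v\n", blob, err)
}
```

Rejecting a config whose inner length field disagrees with the file size catches the case where "ech_config_list.data" (which carries an extra list-length prefix) is passed by mistake.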