We just created a #HOWTO for how to set up dev/test servers using our #TLS #EncryptedClientHello #ECH enabled forks of #OpenSSL #nginx and #curl running on #Debian. It should be very quick to get started using a new domain: https://guardianproject.info/2023/11/10/quick-set-up-guide-for-encrypted-client-hello-ech/
@colincogle @guardianproject you could use the same hostname for both the "public_name" and the SNI in the inner ClientHello. That works, but then "public_name" is clear text, so this setup would not protect the hostname. The "public_name" is generally the CDN, then the encrypted SNI would have the actual hostname. For example, public_name as cloudflare-ech.com and inner SNI as rte.ie.
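An added example, not part of the thread or of the Guardian Project's code: a minimal parser for the ECHConfigList wire format from the TLS ECH specification that pulls out the cleartext public_name and checks whether the inner SNI is that same name. The function names, the all-zero dummy key and the hostname dev.example.org are assumptions made for illustration; cloudflare-ech.com and rte.ie are the pair from the post above.

```python
import struct

ECH_VERSION = 0xFE0D  # ECHConfig version defined by the TLS ECH specification

def build_ech_config_list(public_name: str, public_key: bytes) -> bytes:
    """Build a one-entry ECHConfigList (constructed sample data)."""
    key_config = (
        struct.pack("!BH", 1, 0x0020)                 # config_id, KEM = X25519
        + struct.pack("!H", len(public_key)) + public_key
        + struct.pack("!HHH", 4, 0x0001, 0x0001)      # one suite: HKDF-SHA256, AES-128-GCM
    )
    name = public_name.encode("ascii")
    contents = (key_config + struct.pack("!BB", 0, len(name)) + name
                + struct.pack("!H", 0))               # maximum_name_length, name, no extensions
    config = struct.pack("!HH", ECH_VERSION, len(contents)) + contents
    return struct.pack("!H", len(config)) + config

def public_names(ech_config_list: bytes) -> list[str]:
    """Return the cleartext public_name of every ECHConfig in the list."""
    (total,) = struct.unpack_from("!H", ech_config_list, 0)
    if total != len(ech_config_list) - 2:
        raise ValueError("ECHConfigList length mismatch")
    names, pos = [], 2
    while pos < len(ech_config_list):
        version, length = struct.unpack_from("!HH", ech_config_list, pos)
        body = ech_config_list[pos + 4 : pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated ECHConfig")
        pos += 4 + length
        if version != ECH_VERSION:
            continue                                  # skip versions we do not understand
        (pk_len,) = struct.unpack_from("!H", body, 3) # after config_id (1) + kem_id (2)
        off = 5 + pk_len
        (cs_len,) = struct.unpack_from("!H", body, off)
        off += 2 + cs_len + 1                         # cipher suites, then maximum_name_length
        name_len = body[off]
        names.append(body[off + 1 : off + 1 + name_len].decode("ascii"))
    return names

def hides_hostname(ech_config_list: bytes, inner_sni: str) -> bool:
    """False when the inner SNI is also sent in the clear as a public_name."""
    return inner_sni.lower() not in (n.lower() for n in public_names(ech_config_list))

# Constructed sample: dummy 32-byte key, public_name taken from the post above.
SAMPLE = build_ech_config_list("cloudflare-ech.com", bytes(32))
```

With `SAMPLE`, `hides_hostname(SAMPLE, "rte.ie")` is true, while a config whose public_name equals the inner SNI returns false.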
@eighthave @guardianproject Ah, I see. My personal web site is on its own dedicated IP addresses, so I wouldn’t have any tangible security benefit from #ECH, only what little performance boost this might bring.
@guardianproject
Does this fork have QUIC protocol support?
@guardianproject This is the first tutorial I’ve ever seen. Thank you for writing this! However, why do we need to create a separate hostname instead of adding #ECH records for an existing hostname?