I hacked some ECH (encrypted client hello) support in the JDK network stack the other day (in TLS 1.3).
github.com/johanvos/jdk/tree/e

#java #ECH #openjdk

@johanvos very cool! Do you have any more information about how far you got with it? By the way, we're part of the defo.ie/ project to help people implement ECH. Reach out if you get stuck: social.librem.one/@guardianpro

@guardianproject Oh nice. I used defo.ie for testing :) It works as in:
* inner ECH is sent correctly inside outer ECH, CFS forwards inner ECH to origin server, which replies with SH, and client processes that, TLS session starts.

Not implemented: ECH Config retry and Grease.

ECH is a fantastic standard. I wish there were more providers with a CFS (in split mode) though...
