ameshkov/gocurl

Add ECH support to gocurl

ameshkov opened this issue · 0 comments

Could be achieved using Cloudflare's fork of crypto/tls here:
https://github.com/cloudflare/go/issues

There are several things to address here.

  1. The "normal" ECH that relies on ECHConfig from a DNS query. This one is pretty straightforward to implement: check DNS records, compose ECHConfig, try to open a connection.
  2. Custom ECHConfig. gocurl should provide an option to specify the ECH configuration that will be used when making a connection. Custom server name for ClientHelloOuter?
  3. Finally, there's HelloRetryRequest handling; I should check whether Cloudflare's Go fork properly supports it.

ECH RFC: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
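As an added example (not gocurl's code, and not the API of Cloudflare's Go fork): a minimal Go parser for a single ECHConfig, which is what both the DNS-derived path and a user-supplied custom config have to validate before a connection is attempted, including the public_name that becomes the SNI of ClientHelloOuter. The layout follows the draft's version 0xfe0d; `ParseECHConfig` and the constructed `SampleECHConfig` (all-zero placeholder key) are assumed names, and the ECHConfigList wrapper that holds several configs is left out.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// ECHConfig holds what a client needs from a draft-ietf-tls-esni ECHConfig (version
// 0xfe0d); PublicName is the name that goes into the SNI of ClientHelloOuter.
type ECHConfig struct {
	ConfigID     uint8
	KemID        uint16
	PublicKey    []byte
	CipherSuites [][2]uint16 // (kdf_id, aead_id) pairs
	PublicName   string
}

// ParseECHConfig decodes one ECHConfig, i.e. one element of the ECHConfigList carried by the "ech=" SvcParam of an HTTPS record (the list's own 2-byte length is not handled).
func ParseECHConfig(b []byte) (cfg ECHConfig, err error) {
	take := func(n int) (v []byte) { // n raw bytes; zero-filled once an error is pending
		if err == nil && len(b) >= n {
			v, b = b[:n], b[n:]
			return v
		}
		err = fmt.Errorf("ech: truncated ECHConfig")
		return make([]byte, n)
	}
	vec := func(n int) []byte { // n-byte (1 or 2) big-endian length prefix, then payload
		p := take(n)
		return take(int(p[0])<<(8*(n-1)) | int(p[n-1]))
	}
	version := binary.BigEndian.Uint16(take(2))
	b = vec(2) // ECHConfigContents: the fields below must consume it exactly
	cfg.ConfigID, cfg.KemID, cfg.PublicKey = take(1)[0], binary.BigEndian.Uint16(take(2)), vec(2)
	suites := vec(2)
	for s := suites; len(s) >= 4; s = s[4:] {
		cfg.CipherSuites = append(cfg.CipherSuites, [2]uint16{binary.BigEndian.Uint16(s), binary.BigEndian.Uint16(s[2:])})
	}
	take(1) // maximum_name_length: a padding hint, not needed to select a config
	cfg.PublicName = string(vec(1))
	vec(2) // extensions: none handled here, only their framing is checked
	if err != nil || version != 0xfe0d || len(b) != 0 || len(suites) == 0 || len(suites)%4 != 0 || cfg.PublicName == "" {
		return ECHConfig{}, fmt.Errorf("ech: malformed or unsupported ECHConfig (version %#x)", version)
	}
	return cfg, nil
}

// SampleECHConfig is a constructed ECHConfig (all-zero placeholder key): config_id 42, DHKEM(X25519), one suite HKDF-SHA256 + AES-128-GCM, public_name "public.example".
var SampleECHConfig = append(append(append(append([]byte{0xfe, 0x0d, 0, 0x3d, 42, 0, 0x20, 0, 32},
	make([]byte, 32)...), 0, 4, 0, 1, 0, 1, 0, 14), "public.example"...), 0, 0)
func main() { fmt.Println(ParseECHConfig(SampleECHConfig)) }
```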