Closed Bug 1654332 Opened 4 years ago Closed 4 years ago

Implement Encrypted Client Hello in NSS

Categories

(NSS :: Libraries, enhancement, P3)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kjacobs, Assigned: kjacobs)

References

Details

Attachments

(3 files)

Bug 1654332 - Update ESNI to draft-08 (ECH).
47 bytes, text/x-phabricator-request
Details | Review
Bug 1654332 - Buffered ClientHello construction.
47 bytes, text/x-phabricator-request
Details | Review
Bug 1654332 - Fixup a10493dcfcc9: copy ECHConfig.config_id with socket
47 bytes, text/x-phabricator-request
Details | Review

Tracking ECH implementation in NSS.

Blocks: 1590863

Depends on D73947

Blocks: 1671885
Attachment #9168317 - Attachment description: Bug 1654332 - Update ESNI to draft-07 (ECH). → Bug 1654332 - Update ESNI to draft-08 (ECH), GREASE ECH enabled.
See Also: → 1677181
Attachment #9168317 - Attachment description: Bug 1654332 - Update ESNI to draft-08 (ECH), GREASE ECH enabled. → Bug 1654332 - Update ESNI to draft-08 (ECH).
Blocks: 1678079

A late review change for ECH was for the server to compute each ECHConfig config_id when set to the socket, rather than on each connection. This works, but now we also need to copy that config_id when copying a socket, else the server won't find a matching ECHConfig to use for decryption.

(In reply to Kevin Jacobs [:kjacobs] from comment #4)

Will open new bugs for -09.

Is any new bug opened? Can't find any by searching

(In reply to Leo_sk from comment #5)

(In reply to Kevin Jacobs [:kjacobs] from comment #4)

Will open new bugs for -09.

Is any new bug opened? Can't find any by searching

-09 is not finalized yet, but I've opened bug 1681585 to track this.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: