Re: ECH support when curl is using DoH
From: Stephen Farrell <stephen.farrell_at_cs.tcd.ie>
Date: Wed, 13 Sep 2023 13:44:45 +0100
Hiya,
(Apologies for replying to myself, I didn't get
Daniel's reply yet, likely due to the fact that our
dept now use Outlook instead of self-hosting our
mail servers;-( If that persists, I'll probably
subscribe to the list via another email addr. I saw
the response in the archive though, so...)
Hiya,
Daniel said:
> I also want to mention that we have also discussed adding support
> for HTTPS records for other purposes than ECH. More specifically for
> selecting HTTP/3. There has also been voices "out there" talking
> about an updated take to alt-svc that would use (rely on) it so
> maybe this record will become a slightly more important piece in our
> infra going forward.
Makes sense. Be happy to work with someone who knows
what might be useful/needed there, or to try make a
PR for the non-ECH bits of our "#ifdef USE_HTTPSRR"
bits of our current code if/when that's useful. Likely
better to first handle the bit below though...
> TLS wise: I know wolfSSL already has ECH support in their API and
> possibly a few of the others libs have too. We need to think a bit
> there so that we do a proper internal API to allow other TLS backends
> to get the same functionality with causing too much pain.
Ah, didn't know that. I'll try see if I can do a version
that supports ECH with either TLS library. Any pointers to
how WolfSSL supports ECH appreciated. That's probably a
good next step anyway, as it'll also help decide which
bits of code are needed for HTTPS RR in general, which
for ECH, and which are TLS library-specific so I'll take
a look at that next and get back.
Cheers,
S.
Received on 2023-09-13