Re: ECH support when curl is using DoH

From: Stephen Farrell
Date: Wed, 13 Sep 2023 13:44:45 +0100


(Apologies for replying to myself, I didn't get
Daniel's reply yet, likely due to the fact that our
dept now use outlook instead of self-hosting our
mail servers;-( If that persists, I'll probably
subscribe to the list via another email addr. I saw
the response in the archive though, so...)


Daniel said:
> I also want to mention that we have also discussed adding support
> for HTTPS records for other purposes than ECH. More specifically for
> selecting HTTP/3. There have also been voices "out there" talking
> about an updated take to alt-svc that would use (rely on) it so
> maybe this record will become a slightly more important piece in our
> infra going forward.

Makes sense. Be happy to work with someone who knows
what might be useful/needed there, or to try make a
PR for the non-ECH bits of our "#ifdef USE_HTTPSRR"
bits of our current code if/when that's useful. Likely
better to first handle the bit below though...

> TLS wise: I know wolfSSL already has ECH support in their API and
> possibly a few of the others libs have too. We need to think a bit
> there so that we do a proper internal API to allow other TLS backends
> to get the same functionality with causing too much pain.

Ah, didn't know that. I'll try see if I can do a version
that supports ECH with either TLS library. Any pointers to
how WolfSSL supports ECH appreciated. That's probably a
good next step anyway, as it'll also help decide which
bits of code are needed for HTTPS RR in general, which
for ECH, and which are TLS library-specific so I'll take
a look at that next and get back.


Received on 2023-09-13