curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: ECH support when curl is using DoH

From: Stephen Farrell <>
Date: Sat, 16 Sep 2023 01:47:31 +0100


On 15/09/2023 16:14, Daniel Stenberg wrote:
> On Thu, 14 Sep 2023, Stephen Farrell wrote:
>> I've only gotten this working on a localhost test so far but reckon I
>> should have curl+ECH working with either OpenSSL or WolfSSL in the
>> next week or so. Once I'm there, is it worth making a PR for curl on
>> github to get feedback
> Sure, why not?!

Will do that so:-)

As of now, I have both curl+OpenSSL+ECH and curl+WolfSSL+ECH
working more or less the same wrt ECH, both being able to
take an ECHConfig from command line or from an HTTPS RR in

I still have to add more HTTPS RR parsing (e.g. to pull out
ALPNs and IP address hints) and for some reason the WolfSSL
version doesn't like the public key cert (--capath
doesn't seem to work the same with both?), but the ECH
handling is the same, so things seem in good shape. I guess
that attempting to walk the DNS tree if an aliasMode HTTPS
RR is found is ok to leave for later. (So I plan to leave
that for later:-)

Question: what, if anything, is worth doing now to consider
how applications using libcurl might make use of ECH? If the
answer is "don't worry about that yet", I'm fine with that,
if there's something obvious to do, happy to do that before
I make a PR.


Received on 2023-09-16