testssl.sh
[feature] ESNI (Encrypted Server Name Indication)
... see https://datatracker.ietf.org/doc/draft-ietf-tls-esni/?include_text=1
(1. Introduction DISCLAIMER: This is very early a work-in-progress design)
I haven't read it really and I can't tell whether it would be possible, one way or another. Just filing the issue so that it won't be forgotten.
This feature is now called Encrypted Client Hello. I don't think it is available in OpenSSL but it should be available in BoringSSL. Cloudflare uses BoringSSL to enable ECH on their sites.
I am considering implementing Encrypted Client Hello (ECH) for a project and it would be great if testssl.sh could include it in its report since that's what I already use to test other TLS requirements.
Heard that, like it, but it's not a top prio on my agenda. If somebody wants to help: great!