sftcd
sftcd
I guess maybe some other bug then, but good for some wolfssl person to check. (And if there's a way to check ECH with FB sites, I'd be happy to...
Hiya, I did the PoC referred to above. While it'll be a while before that'd be ready, there are two things on which some discussion could be useful in the...
On 13/09/2023 07:35, 陈杨文 wrote: > Chrome 117 support ECH now, any news on HAProxy ECH ? No news wrt releases from here, but we've kept our OpenSSL ECH work...
Not sure I understand the problem, but am interested - can you elaborate?
Don't have much time to comment now, but just to note that ECH does not involve use of new "certs" so the descriptions above are off-base a bit.
Sorta. With ECH a browser will emit an initial TLS message (the ClientHello) that can only be fully processed by the entity with the relevant ECH private key. As I...
If you only use CF for DNS, then ECH shouldn't be in the picture. CF would have to be adding "ech=" values into your HTTPS RRs for that to happen....
For example: ``` $ dig +short https rte.ie 1 . alpn="h3,h2" ipv4hint=104.18.142.17,104.18.143.17 ipv6hint=2606:4700::6812:8e11,2606:4700::6812:8f11 ``` Is for a CF customer (I think) but has no ech= and hence ECH will not...
Not sure - I'm not familiar with CF's biz model(s), sorry. Doesn't (so far) sound like a browser bug though, but one could tell for a given DNS name using...
I see the same ``dig`` outputs as the post just above, e.g.: ``` $ dig +short sonoransoftware.com https 1 . alpn="h3,h2" ipv4hint=104.21.38.120,172.67.222.151 ech=AEX+DQBB+QAgACDX9TC2tUA8p/hiOiEab+YAtdI17bmXO1p6YjCnlkiXcwAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA= ipv6hint=2606:4700:3031::6815:2678,2606:4700:3037::ac43:de97 ```