sftcd

On 01/12/2022 21:11, Shane wrote: > If we knew if we were doing a seal or open operation beforehand the > init of the cipher and key could be done...

Hiya, I've coded up a proof-of-concept version of the client-side of ESNI for openssl. It works with the CloudFlare deployment and doesn't seem to fall over (but no guarantees:-). The...

Dunno, sorry, haven't ever looked inside BoringSSL. Happy to play about and see if that's useful at some point and someone tells me how:-)

Hiya, we've done some more work on our openssl fork that has ESNI support and on a curl fork that uses that. It's early days, but if anyone wants to...

We've integrated our ESNI supporting fork with the lighttpd web server. Details [here](https://github.com/sftcd/openssl/blob/master/esnistuff/lighttpd.md). Be interested if anyone has feedback on that.

Hiya, On 08/01/2020 08:00, Vladimír Čunát wrote: > Yes, the number will change, and the DNS record as well. I don't > know the plans of implementors (and those who've...

On 10/08/2020 18:40, Valerii Zapodovnikov wrote: > Guy, chinese already blocked it (just blocked tls 0xffce extension > https://ntc.party/t/exposing-and-circumventing-chinas-censorship-of-esni/611), Yes, that's being discussed on the IETF TLS list too. [1]...

> Some of the CI test failures happen because `docs/options-in-versions` and `docs/libcurl/symbols-in-versions` need updating I'll push a version with the mostly trivial changes indicated above. (I hit the "resolve" button...

So now that I'm clearing up some of the CI chaff, an interesting question arises - if we're not doing ECH, then when, if ever, should we make a DNS...

The current DoH code seems to setup a new TLS session with the DoH-server for each DoH query. That probably makes no difference if the client is only making one...