mirror of https://github.com/golang/go synced 2024-11-15 06:00:30 -07:00
go/api/next
Roland Shoemaker 9eeb627f60 crypto/tls: add ech client support
This CL adds a (very opinionated) client-side ECH implementation.

In particular, if a user configures an ECHConfigList, by setting the
Config.EncryptedClientHelloConfigList, but we determine that none of
the configs are appropriate, we will not fall back to plaintext SNI, and
will instead return an error. It is then up to the user to decide if
they wish to fall back to plaintext themselves (by removing the config
list).

Additionally, if Config.EncryptedClientHelloConfigList is provided, we
will not offer TLS support lower than 1.3, since negotiating any other
version, while offering ECH, is a hard error anyway. Similarly, if a
user wishes to fall back to plaintext SNI by using 1.2, they may do so
by removing the config list.

With regard to PSK GREASE, we match the boringssl behavior, which does
not include PSK identities/binders in the outer hello when doing ECH.

If the server rejects ECH, we will return an ECHRejectionError error,
which, if provided by the server, will contain an ECHConfigList in the
RetryConfigList field containing configs that should be used if the user
wishes to retry. It is up to the user to replace their existing
Config.EncryptedClientHelloConfigList with the retry config list.

Fixes #63369

Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: I9bc373c044064221a647a388ac61624efd6bbdbf
Reviewed-on: https://go-review.googlesource.com/c/go/+/578575
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-05-23 03:10:12 +00:00
42888.txt runtime/debug: eliminate temporary variadicity from SetCrashOutput 2024-05-16 15:19:04 +00:00
44940.txt
46443.txt net/http: add field Cookie.Quoted bool 2024-04-19 00:32:19 +00:00
50102.txt
53987.txt slices: add Chunk 2024-05-10 17:28:50 +00:00
57151.txt
59473.txt
60023.txt encoding/binary: add Append, Encode and Decode 2024-05-20 18:58:26 +00:00
60427.txt
61308.txt
61395.txt sync/atomic: public And/Or ops and race instrumentation 2024-05-17 18:37:29 +00:00
61472.txt
61696.txt
61716.txt math/rand/v2: add Uint 2024-05-07 18:03:11 +00:00
61897.txt iter: expose fundamental types to Go 1.23 2024-05-06 20:33:25 +00:00
61899.txt slices: add iterator-related functions 2024-05-09 19:20:55 +00:00
61900.txt maps: add All, Keys, Values, Insert, Collect 2024-05-20 16:01:35 +00:00
62254.txt
62483.txt unique: add unique package and implement Make/Handle 2024-04-22 18:14:07 +00:00
62484.txt
62490.txt net/http: add partitioned attribute to cookie type 2024-05-22 18:33:05 +00:00
63116.txt
63369.txt crypto/tls: add ech client support 2024-05-23 03:10:12 +00:00
63691.txt crypto/tls: improved 0-RTT QUIC API 2024-05-22 17:23:54 +00:00
65238.txt
65772.txt go/types: add Func.Signature method 2024-04-18 22:17:27 +00:00
66008.txt
66054.txt
66056.txt reflect: add iterative related methods 2024-05-09 11:54:18 +00:00
66249.txt crypto/x509: add text and binary marshal methods to OID 2024-05-16 02:00:26 +00:00
66339.txt go/ast: add Preorder go1.23 iterator 2024-05-15 21:44:50 +00:00
66405.txt net/http: add Pattern field in Request to return matched pattern info 2024-05-16 18:42:34 +00:00
66408.txt cmd/compile: add structs.HostLayout 2024-05-20 21:19:39 +00:00
66559.txt go/types: add Alias.Rhs 2024-04-24 21:50:16 +00:00
66836.txt
67059.txt math/rand/v2: add ChaCha8.Read 2024-05-22 22:09:08 +00:00
67143.txt go/types, types2: add Alias.{TypeParams, SetTypeParams, TypeArgs, Origin} 2024-05-15 21:32:30 +00:00