mirror of
https://github.com/golang/go
synced 2024-11-26 13:28:27 -07:00
f69711434a
Adds support for server-side ECH. We make a couple of implementation decisions that are not completely in-line with the spec. In particular, we don't enforce that the SNI matches the ECHConfig public_name, and we implement a hybrid shared/backend mode (rather than shared or split mode, as described in Section 7). Both of these match the behavior of BoringSSL. The hybrid server mode will either act as a shared mode server, where-in the server accepts "outer" client hellos and unwraps them before processing the "inner" hello, or accepts bare "inner" hellos initially. This lets the server operate either transparently as a shared mode server, or a backend server, in Section 7 terminology. This seems like the best implementation choice for a TLS library. Fixes #68500 Change-Id: Ife69db7c1886610742e95e76b0ca92587e6d7ed4 Reviewed-on: https://go-review.googlesource.com/c/go/+/623576 Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> |
||
|---|---|---|
| .. | ||
| 32936.txt | ||
| 36532.txt | ||
| 51473.txt | ||
| 54670.txt | ||
| 61515.txt | ||
| 61901.txt | ||
| 62005.txt | ||
| 62384.txt | ||
| 62516.txt | ||
| 63952.txt | ||
| 66450.txt | ||
| 66626.txt | ||
| 67002.txt | ||
| 67057.txt | ||
| 67535.txt | ||
| 67552.txt | ||
| 67813.txt | ||
| 67814.txt | ||
| 68500.txt | ||
| 69488.txt | ||
| 69981.txt | ||