mirror of https://github.com/golang/go synced 2024-11-15 00:10:28 -07:00
go/api/next
Roland Shoemaker 9eeb627f60 crypto/tls: add ech client support
This CL adds a (very opinionated) client-side ECH implementation.

In particular, if a user configures an ECHConfigList, by setting the
Config.EncryptedClientHelloConfigList, but we determine that none of
the configs are appropriate, we will not fall back to plaintext SNI, and
will instead return an error. It is then up to the user to decide if
they wish to fall back to plaintext themselves (by removing the config
list).

Additionally if Config.EncryptedClientHelloConfigList is provided, we
will not offer TLS support lower than 1.3, since negotiating any other
version, while offering ECH, is a hard error anyway. Similarly, if a
user wishes to fall back to plaintext SNI by using 1.2, they may do so
by removing the config list.

With regard to PSK GREASE, we match the boringssl behavior, which does
not include PSK identities/binders in the outer hello when doing ECH.

If the server rejects ECH, we will return an ECHRejectionError error,
which, if provided by the server, will contain an ECHConfigList in the
RetryConfigList field containing configs that should be used if the user
wishes to retry. It is up to the user to replace their existing
Config.EncryptedClientHelloConfigList with the retry config list.

Fixes #63369

Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: I9bc373c044064221a647a388ac61624efd6bbdbf
Reviewed-on: https://go-review.googlesource.com/c/go/+/578575
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-05-23 03:10:12 +00:00
42888.txt runtime/debug: eliminate temporary variadicity from SetCrashOutput 2024-05-16 15:19:04 +00:00
44940.txt unicode/utf16: add func RuneLen 2024-03-07 19:08:48 +00:00
46443.txt net/http: add field Cookie.Quoted bool 2024-04-19 00:32:19 +00:00
50102.txt archive/tar: add FileInfoNames interface 2024-03-15 16:01:50 +00:00
53987.txt slices: add Chunk 2024-05-10 17:28:50 +00:00
57151.txt path/filepath: add Localize 2024-02-26 18:08:14 +00:00
59473.txt net/http/httptest: add NewRequestWithContext 2024-03-11 18:09:14 +00:00
60023.txt encoding/binary: add Append, Encode and Decode 2024-05-20 18:58:26 +00:00
60427.txt reflect: add Overflow methods to Type 2024-02-28 14:08:38 +00:00
61308.txt all: add reflect.SliceAt function 2024-04-02 21:51:18 +00:00
61395.txt sync/atomic: public And/Or ops and race instrumentation 2024-05-17 18:37:29 +00:00
61472.txt net/http: add Request.CookiesNamed 2024-03-20 16:17:16 +00:00
61696.txt sync: add Map.Clear 2024-02-01 15:34:22 +00:00
61716.txt math/rand/v2: add Uint 2024-05-07 18:03:11 +00:00
61897.txt iter: expose fundamental types to Go 1.23 2024-05-06 20:33:25 +00:00
61899.txt slices: add iterator-related functions 2024-05-09 19:20:55 +00:00
61900.txt maps: add All, Keys, Values, Insert, Collect 2024-05-20 16:01:35 +00:00
62254.txt net: add KeepAliveConfig and implement SetKeepAliveConfig 2024-02-20 06:04:31 +00:00
62483.txt unique: add unique package and implement Make/Handle 2024-04-22 18:14:07 +00:00
62484.txt os: implement CopyFS 2024-02-23 00:19:54 +00:00
62490.txt net/http: add partitioned attribute to cookie type 2024-05-22 18:33:05 +00:00
63116.txt net: add Unwrap to *DNSError 2024-04-14 18:23:45 +00:00
63369.txt crypto/tls: add ech client support 2024-05-23 03:10:12 +00:00
63691.txt crypto/tls: improved 0-RTT QUIC API 2024-05-22 17:23:54 +00:00
65238.txt slices: add func Repeat 2024-03-19 21:38:37 +00:00
65772.txt go/types: add Func.Signature method 2024-04-18 22:17:27 +00:00
66008.txt net/http: add ParseCookie, ParseSetCookie 2024-04-17 17:43:50 +00:00
66054.txt cmd/link,debug/elf: mark Go binaries with no branch target CFI on openbsd 2024-03-10 04:13:26 +00:00
66056.txt reflect: add iterative related methods 2024-05-09 11:54:18 +00:00
66249.txt crypto/x509: add text and binary marshal methods to OID 2024-05-16 02:00:26 +00:00
66339.txt go/ast: add Preorder go1.23 iterator 2024-05-15 21:44:50 +00:00
66405.txt net/http: add Pattern field in Request to return matched pattern info 2024-05-16 18:42:34 +00:00
66408.txt cmd/compile: add structs.HostLayout 2024-05-20 21:19:39 +00:00
66559.txt go/types: add Alias.Rhs 2024-04-24 21:50:16 +00:00
66836.txt debug/elf: define non-standard but well-known symbol types 2024-04-16 00:01:16 +00:00
67059.txt math/rand/v2: add ChaCha8.Read 2024-05-22 22:09:08 +00:00
67143.txt go/types, types2: add Alias.{TypeParams, SetTypeParams, TypeArgs, Origin} 2024-05-15 21:32:30 +00:00