Bug 1681585 - Add ECH support to selfserv.
Closed, Public

Authored by kjacobs on Jan 7 2021, 7:18 PM.

Details

Summary

Usage example:
mkdir dbdir && cd dbdir
certutil -N -d .
certutil -S -s "CN=ech-public.com" -n ech-public.com -x -t "C,C,C" -m 1234 -d .
certutil -S -s "CN=ech-private-backend.com" -n ech-private-backend.com -x -t "C,C,C" -m 2345 -d .
cd ..
../dist/Debug/bin/selfserv -a ech-public.com -a ech-private-backend.com -n ech-public.com -n ech-private-backend.com -p 8443 -d dbdir/ -X publicname:ech-public.com
(Copy echconfig from selfserv output and paste into the below command)
../dist/Debug/bin/tstclnt -D -p 8443 -v -A tests/ssl/sslreq.dat -h ech-private-backend.com -o -N <echconfig> -v

Diff Detail

Repository
rNSS nss

Event Timeline

phab-bot published this revision for review. Jan 7 2021, 7:18 PM
phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".
phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".
phab-bot removed a project: secure-revision.
kjacobs edited the summary of this revision.

For the interop runner, we need to take the HPKE keypair and echconfigs as input rather than generating them. I'm going to revise this accordingly.

kjacobs edited the summary of this revision.
This revision is now accepted and ready to land. Jan 17 2021, 10:34 PM