From 2bd4e6f231c8e7c262495fed7c147b4cc67c834c Mon Sep 17 00:00:00 2001 From: Kevin Jacobs Date: Tue, 17 Nov 2020 23:43:25 +0000 Subject: Bug 1654332 - Update ESNI to draft-08 (ECH). r=mt This patch adds support for Encrypted Client Hello (draft-ietf-tls-esni-08), replacing the existing ESNI (draft -02) support. There are five new experimental functions to enable this: - SSL_EncodeEchConfig: Generates an encoded (not BASE64) ECHConfig given a set of parameters. - SSL_SetClientEchConfigs: Configures the provided ECHConfig to the given socket. When configured, an ephemeral HPKE keypair will be generated for the CH encryption. - SSL_SetServerEchConfigs: Configures the provided ECHConfig and keypair to the socket. The keypair specified will be used for HPKE operations in order to decrypt encrypted Client Hellos as they are received. - SSL_GetEchRetryConfigs: If ECH is rejected by the server and compatible retry_configs are provided, this API allows the application to extract those retry_configs for use in a new connection. - SSL_EnableTls13GreaseEch: When enabled, non-ECH Client Hellos will have a "GREASE ECH" (i.e. fake) extension appended. GREASE ECH is disabled by default, as there are known compatibility issues that will be addressed in a subsequent draft. The following ESNI experimental functions are deprecated by this update: - SSL_EncodeESNIKeys - SSL_EnableESNI - SSL_SetESNIKeyPair In order to be used, NSS must be compiled with `NSS_ENABLE_DRAFT_HPKE` defined. Differential Revision: https://phabricator.services.mozilla.com/D86106 --- cpputil/tls_parser.h | 1 + 1 file changed, 1 insertion(+) (limited to 'cpputil') diff --git a/cpputil/tls_parser.h b/cpputil/tls_parser.h index 6636b3c6a..41d760ed0 100644 --- a/cpputil/tls_parser.h +++ b/cpputil/tls_parser.h @@ -56,6 +56,7 @@ const uint8_t kTlsAlertUnsupportedExtension = 110; const uint8_t kTlsAlertUnrecognizedName = 112; const uint8_t kTlsAlertCertificateRequired = 116; const uint8_t kTlsAlertNoApplicationProtocol = 120; +const uint8_t kTlsAlertEchRequired = 121; const uint8_t kTlsFakeChangeCipherSpec[] = { ssl_ct_change_cipher_spec, // Type -- cgit v1.2.1