Add ESNI client and server support #172
Open
Commits on May 3, 2019
-
dev: Fix build-test-tris-* on non-Linux
The Docker image is based on Linux, be sure to build a binary that is compatible with it. Fixes interop tests on macOS. During development, one can use: `cd _dev/tris-testclient && ../go.sh build -v -i .`
-
Add ESNI client and server support
Implements https://tools.ietf.org/html/draft-ietf-tls-esni-01 Extends the tls.Config API with a ClientESNIKeys structure which must contain a valid key. If this key is not valid, the handshake will fail. A GetServerESNIKeys API is also added which allows the server to dynamically query for an appropriate ESNI key. Add a new 'esnitool' utility to generate ESNIKeys for testing purposes, this uses a short lifetime, a single curve and cipher suite. The test client and server can now be used with these keys. Additionally the test client can securely query the ESNI key from DNS (hardcoded to use 1.1.1.1:853 using DoT for now).
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.