Re: encrypted client hello (ECH) question

June 01, 2023 08:16AM
Pretty cool.

I'm still reading up on each but can this also be done for https
termination? Is the SSL pre-read limitation the main issue there?


On Thu, 1 Jun 2023, 9:31 pm Stephen Farrell, <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hi all,
>
> I've been working on implementing TLS encrypted client hello
> (ECH, [1]) in the OpenSSL library (current branch at [2]).
> Apologies that this mail requires a bit of knowledge of
> what ECH does - I'd guess some folks on here will know that
> already but I'm happy to explain as needed.
>
> I have various proof of concept integrations for my code
> including with nginx (branch at [3]). Adding support for
> ECH when nginx terminates TLS was pretty straightforward
> but I have a question about whether the direction I've
> taken for ECH in "split-mode" is sensible or not.
>
> ECH "split-mode" is where nginx will do the ECH decryption
> but the TLS session is negotiated between the client and
> the upstream. I added some code [4] to the ssl preread
> stream module that does the ECH decryption of the initial
> ClientHello, then forwards on the decrypted ClientHello to
> the upstream. Again that was pretty easy and seems to work
> fine.
>
> The question that I have relates to when the TLS handshake
> between client and upstream hits a HelloRetryRequest. In
> that case the client will ECH encrypt its second ClientHello
> but the ssl preread module doesn't get to see that 2nd
> ClientHello to attempt ECH decryption.
>
> So I ended up adding code [5] to the stream proxy module that
> checks if we're in that ECH split-mode + "pending" HRR state
> and attempts the ECH decryption if so. After (a lot:-) of
> trying to figure out where to put that code, it now also
> seems to work ok.
>
> But, I'm wondering if that's the right way to handle doing
> things with the 2nd ClientHello when we hit HRR and are
> using the stream module(s) but nginx is not terminating
> the TLS session?
>
> Any comments or advice most welcome!
>
> Thanks,
> Stephen.
>
> PS: It'll be a while before ECH is part of the OpenSSL
> library but once that's happening I do plan to follow up
> submitting these changes as they are at that time.
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
> [2] https://github.com/sftcd/openssl/tree/ECH-draft-13c
> [3] https://github.com/sftcd/nginx/tree/ECH-experimental
> [4] https://github.com/sftcd/nginx/blob/ECH-experimental/src/stream/ngx_stream_ssl_preread_module.c#L129
> [5] https://github.com/sftcd/nginx/blob/ECH-experimental/src/stream/ngx_stream_proxy_module.c#L1719
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx-devel
>
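The split-mode flow described in the quoted mail, as an added example that is not part of this thread or of the nginx/OpenSSL branches linked above: it parses a ClientHello handshake message to spot the ECH extension, recognises an upstream HelloRetryRequest by its sentinel random, and tracks the "pending HRR" state so that the second ClientHello is also routed to ECH decryption instead of being forwarded blindly. The sample messages are constructed, the ECH extension payload is a placeholder, and the HPKE decryption itself is out of scope (a real proxy would call into its TLS library there).

```python
import hashlib
import struct

ECH_EXT = 0xFE0D  # encrypted_client_hello codepoint used by draft-13 ECH
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()  # RFC 8446, section 4.1.3

def parse_extensions(buf):
    """Return {ext_type: ext_data} from a TLS extensions block (2-byte length prefix)."""
    (total,) = struct.unpack("!H", buf[:2])
    pos, end, exts = 2, 2 + total, {}
    while pos < end:
        etype, elen = struct.unpack("!HH", buf[pos:pos + 4])
        exts[etype] = buf[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def parse_client_hello(msg):
    """Parse a Handshake message; return (has_ech, extensions), or None if not a ClientHello."""
    if msg[0] != 1:                                   # handshake type 1 = ClientHello
        return None
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                                      # legacy_version + random
    pos += 1 + body[pos]                              # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + body[pos]                              # legacy_compression_methods
    exts = parse_extensions(body[pos:])
    return ECH_EXT in exts, exts

def is_hello_retry_request(msg):
    """True if the Handshake message is a ServerHello whose random is the HRR sentinel."""
    return msg[0] == 2 and msg[6:6 + 32] == HRR_RANDOM

class SplitModeTracker:
    """Tracks the 'pending HRR' state a split-mode proxy needs (no HPKE decryption here)."""
    def __init__(self):
        self.state = "expect_ch"
    def on_client(self, msg):  # returns the action the proxy should take on this message
        r = parse_client_hello(msg)
        if r is None or self.state not in ("expect_ch", "pending_hrr"):
            return "forward"
        self.state = "await_server"
        return "ech_decrypt_then_forward" if r[0] else "forward"
    def on_upstream(self, msg):
        if self.state == "await_server" and is_hello_retry_request(msg):
            self.state = "pending_hrr"  # the next ClientHello is ECH-encrypted again
            return "expect_second_ch"
        self.state = "done"
        return "forward"

def build_client_hello(with_ech):  # constructed sample, not real traffic; ECH payload is a placeholder
    ext = (struct.pack("!HH", ECH_EXT, 3) + b"\x00\x01\x02") if with_ech else b""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00" + struct.pack("!H", 2) + b"\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def build_server_hello(hrr):  # constructed: HRR sentinel random, or an ordinary random
    body = b"\x03\x03" + (HRR_RANDOM if hrr else b"\x22" * 32) + b"\x00" + b"\x13\x01" + b"\x00" + b"\x00\x00"
    return b"\x02" + len(body).to_bytes(3, "big") + body
```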
Thread index (subject, author, views, posted):
encrypted client hello (ECH) question, Stephen Farrell, 315 views, June 01, 2023 07:32AM
Re: encrypted client hello (ECH) question, splitice, 176 views, June 01, 2023 08:16AM
Re: encrypted client hello (ECH) question, Stephen Farrell, 235 views, June 01, 2023 08:50AM