Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade ECH target to draft-ietf-tls-esni-10 #44

Closed
wants to merge 2 commits into from
Closed

Upgrade ECH target to draft-ietf-tls-esni-10 #44

wants to merge 2 commits into from

Conversation

cjpatton
Copy link
Collaborator

@cjpatton cjpatton commented Mar 19, 2021
edited
Loading

This PR updates the NSS and Cloudflare-Go endpoints to run the latest draft of ECH. It also updates the test-input generation code accordingly.

DO NOT MERGE: Before merging, the following changes need to be made.

  1. Remove build.sh and run.sh. These outdated test scripts are used to run the ECH test cases. (These aren't currently supported in the test runner.)
  2. Revert change to impl-endpoint/cloudfflare-go/Dockerfile. Once Implement ECH-10. cloudflare/go#65 lands, update the file with the new commit.
  3. Revert change to impl-endpoint/nss/Dockerfile. Once https://phabricator.services.mozilla.com/D108392 lands, update the file with the new revision.

NOTE: This PR confirms interop of ECH-10 between NSS and Cloudflare-Go. To test the NSS client against the Cloudflare-Go server, do

make testinputs
./build.sh nss cloudflare-go
./run.sh nss cloudflare-go ech-accept

Replace "ech-accept" with "ech-reject" to exercise the rejection codepath. Swap "nss" and "cloudflare-go" to test the Cloudflare-Go client against the NSS server.

cc/ @martinthomson, @chris-wood

martinthomson
martinthomson approved these changes Mar 19, 2021
View reviewed changes
Copy link

@martinthomson martinthomson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To the extent that this is using private commits, this is scary, but if it interoperates, nice.

impl-endpoints/cloudflare-go/Dockerfile Outdated
@@ -5,10 +5,10 @@ FROM golang:latest AS builder

RUN apt-get update && \
apt-get install git
RUN git clone https://github.com/cloudflare/go /cf
RUN git clone --branch caw/ech-10 https://github.com/cloudflare/go /cf
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gum and baling wire!

impl-endpoints/nss/Dockerfile
&& cd nss \
&& hg pull -u -r 98542d9c204f8e91336f0a36239d776d82dc8989 https://hg.mozilla.org/projects/nss-try \
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

string and cellotape!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These change will be reverted once your PR lands.

@xvzcf
Copy link
Owner

xvzcf commented Jan 20, 2022

Closing as this has gone stale.

@xvzcf xvzcf closed this Jan 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martinthomson martinthomson martinthomson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cjpatton @xvzcf @martinthomson