https://github.com/kwaa/ech-playground
๐ Play with TLS Encrypted Client Hello
https://github.com/kwaa/ech-playground
Last synced: about 2 months ago
JSON representation
๐ Play with TLS Encrypted Client Hello
- Host: GitHub
- URL: https://github.com/kwaa/ech-playground
- Owner: kwaa
- Created: 2022-11-27T10:46:56.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-12-03T08:41:25.000Z (over 2 years ago)
- Last Synced: 2025-02-10T10:21:23.899Z (3 months ago)
- Language: Dockerfile
- Homepage:
- Size: 6.21 MB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# ECH Playground
Try using ECH (Encrypted Client Hello) for TLS-based proxies.
## Status
- [x] Binary valid
- [ ] Dockerfile vaild
- [ ] Configure HAProxy
- [ ] Configure Certbot
- [ ] Publish Image `kwaabot/haproxy`
## HAProxy + NaiveProxy
I compiled ECH-enabled OpenSSL and HAProxy as instructed in [esnistuff/haproxy.md](https://github.com/sftcd/openssl/blob/ECH-draft-13a/esnistuff/haproxy.md), and you can get the [x86_64 binaries](/haproxy/haproxy) and [Dockerfile](/haproxy/Dockerfile) from the `haproxy` folder of this repo.
Once I confirm that it works, I'll make the image available through GitHub Actions.
Meanwhile, the NaiveProxy client does not appear to support ECH at this time. ([naiveproxy#314](https://github.com/klzgrad/naiveproxy/issues/314))
### HAProxy Config
TODO
### NaiveProxy Config
Use the [same configuration](/naive/config.json) as [HAProxy Setup](https://github.com/klzgrad/naiveproxy/wiki/HAProxy-Setup).
```json
{
"listen": "http://127.0.0.1:{{port}}",
"padding": true
}
```
### Docker Compose
TODO
## Useful links
- [ECH (Encrypted client hello) support ยท Issue #1924 ยท haproxy/haproxy](https://github.com/haproxy/haproxy/issues/1924)
- [Will Encrypted client hello be supported at both the client and server side? ยท Issue #314 ยท klzgrad/naiveproxy](https://github.com/klzgrad/naiveproxy/issues/314)
- [Developing ECH for OpenSSL (DEfO)](https://defo.ie/)
- [Experiences with implementing and deploying ECH](https://defo.ie/report.html)
- [sftcd/openssl-[ECH-draft-13a]](https://github.com/sftcd/openssl/tree/ECH-draft-13a)
- [sftcd/haproxy-[ECH-experimental]](https://github.com/sftcd/haproxy/tree/ECH-experimental)
- [esnistuff](https://github.com/sftcd/openssl/tree/ECH-draft-13a/esnistuff)