mirror of https://github.com/golang/go.git
f69711434a
Adds support for server-side ECH. We make a couple of implementation decisions that are not completely in-line with the spec. In particular, we don't enforce that the SNI matches the ECHConfig public_name, and we implement a hybrid shared/backend mode (rather than shared or split mode, as described in Section 7). Both of these match the behavior of BoringSSL. The hybrid server mode will either act as a shared mode server, where-in the server accepts "outer" client hellos and unwraps them before processing the "inner" hello, or accepts bare "inner" hellos initially. This lets the server operate either transparently as a shared mode server, or a backend server, in Section 7 terminology. This seems like the best implementation choice for a TLS library. Fixes #68500 Change-Id: Ife69db7c1886610742e95e76b0ca92587e6d7ed4 Reviewed-on: https://go-review.googlesource.com/c/go/+/623576 Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> |
||
|---|---|---|
| .. | ||
| archive | ||
| bytes | ||
| crypto | ||
| debug/elf | ||
| encoding | ||
| go/types | ||
| hash | ||
| log/slog | ||
| math | ||
| net | ||
| os | ||
| regexp | ||
| runtime | ||
| strings | ||
| testing | ||
| text/template | ||
| time | ||
| weak | ||
| 0-heading.md | ||
| README | ||
README
API changes and other small changes to the standard library go here.