Basic TLS Encrypted ClientHello (ECH) support (java layer)#1406
Basic TLS Encrypted ClientHello (ECH) support (java layer)#1406mnbogner wants to merge 3 commits intogoogle:masterfrom
Conversation
…revent unintended failures, updated tests so all hosts are tested before failing.
|
Sorry for the delay. The tests are passing locally so I believe this should be ready for review now (@tweksteen). |
|
@mnbogner Thanks for that. Unfortunately, we ended up adding some code to our internal repo in the meantime, which significantly overlaps with these changes. I'll try to upstream these changes as soon as possible. Apologies, I should have let you know earlier that this was happening. |
|
Sorry for the delay. The tests are passing locally so I believe this should be ready for review now (@tweksteen).
Is there a PR you could point me to? It would help if I could show my team the code that's being used instead. |
Any update on this? |
2 participants
As requested by @tweksteen here: #1340 (comment), this is the second step towards adding ECH support to Conscrypt. This PR includes changes to the java layer to connect with the previous changes to the native layer here: #1374.
At this time (10/17/25) several of the new tests fail because of a DNS parsing error. I am in the process of debugging this issue, but since I will be going on vacation I wanted to submit this PR as-is to begin getting feedback.
Original description of #1044:
This is the first stage of implementing Encrypted ClientHello (ECH) in Conscrypt #730. It provides the APIs required for clients to make TLS connections using ECH. This implements enough of the server-side to provide ECH in the test suite using ECH Key and Configs generated by boringssl. This should be enough to let libs like OkHTTP fully implement ECH square/okhttp#6539