Opened 4 weeks ago

#2275 new enhancement

Support Encrypted Client Hello

Reported by: Seirdy Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.19.x
Keywords: TLS, security Cc: Seirdy
uname -a: Linux host01 5.14.16-301.fc35.x86_64 #1 SMP Wed Nov 3 13:55:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.21.4 (static-pie gcc musl mimalloc-secure zlib-ng brotli march=haswell boringssl hpack nginx build)
built by gcc 10.2.1 20201203 (GCC)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --build='static-pie gcc musl mimalloc-secure zlib-ng brotli march=haswell boringssl hpack nginx build' --with-file-aio --with-threads --with-pcre --with-debug --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_quic_module --without-http_browser_module --without-http_empty_gif_module --without-http_geo_module --without-http_grpc_module --without-http_uwsgi_module --without-http_empty_gif_module --without-http_ssi_module --without-http_fastcgi_module --without-http_scgi_module --without-http_referer_module --without-http_split_clients_module --without-http_userid_module --without-http_access_module --without-http_mirror_module --without-http_autoindex_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_keepalive_module --without-http_upstream_hash_module --with-cc-opt='-O3 -DNDEBUG -fno-semantic-interposition -fipa-pta -fdevirtualize-at-ltrans -march=haswell -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-all -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full -fpic -fpie -static-pie -s -L. -fno-plt -Bsymbolic -malign-data=cacheline -Wno-parentheses -Wno-unused-value -Wno-unused-but-set-variable -flto -fvisibility=hidden -fgraphite-identity -ffunction-sections -fdata-sections -mtls-dialect=gnu2 -L/ghq/git.musl-libc.org/musl/lib -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free -fno-builtin-memalign -fno-builtin-posix_memalign -fno-builtin-valloc -fno-builtin-pvalloc -I/ghq/github.com/zlib-ng/zlib-ng -I/ghq/github.com/zlib-ng/zlib-ng/build-server-gcc -I/ghq/boringssl.googlesource.com/boringssl/include -Wno-error -DTCP_FASTOPEN=23 -I/ghq/src.fedoraproject.org/rpms/pcre/pcre-8.44' --with-ld-opt='-O3 -DNDEBUG -fno-semantic-interposition -fipa-pta -fdevirtualize-at-ltrans -march=haswell -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-all -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full -fpic -fpie -static-pie -s -L. -fno-plt -Bsymbolic -malign-data=cacheline -Wno-parentheses -Wno-unused-value -Wno-unused-but-set-variable -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -Wl,-E -Wl,-z,noexecstack -Wl,-Bstatic -L/ghq/git.musl-libc.org/musl/lib -Wl,--gc-sections -L/ghq/github.com/zlib-ng/zlib-ng/build-server-gcc -l:libz.a -lz -L/ghq/boringssl.googlesource.com/boringssl/build-server-gcc/ssl -l:libssl.a -L/ghq/boringssl.googlesource.com/boringssl/build-server-gcc/crypto -l:libcrypto.a -L/ghq/src.fedoraproject.org/rpms/pcre/pcre-8.44/.libs' --add-module=/ghq/github.com/google/ngx_brotli/static --add-module=/ghq/github.com/openresty/headers-more-nginx-module

Description

Current specification: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/

Encrypted Client Hello removes a major source of information leakage when using TLS: the hostname. When combined with OCSP Must-Staple, the only information leaked over a TLS connection will be the source/dest IPs and traffic sizing (the latter of which can be mitigated with TLS 1.3's random padding). This offers a significant privacy improvement.

ECH has been implemented by Firefox, Cloudflare, H2O (in quictls), NSS, and BoringSSL.

ECH was previously known as ESNI (Encrypted SNI). The EFF promoted it in its Deeplinks blog: https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https

Change History (0)

Note: See TracTickets for help on using tickets.