Opened 19 months ago
#2275 new enhancement
Support Encrypted Client Hello
Reported by: | Seirdy | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | 1.19.x |
Keywords: | TLS, security | Cc: | Seirdy |
uname -a: | Linux host01 5.14.16-301.fc35.x86_64 #1 SMP Wed Nov 3 13:55:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.21.4 (static-pie gcc musl mimalloc-secure zlib-ng brotli march=haswell boringssl hpack nginx build)
built by gcc 10.2.1 20201203 (GCC) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --build='static-pie gcc musl mimalloc-secure zlib-ng brotli march=haswell boringssl hpack nginx build' --with-file-aio --with-threads --with-pcre --with-debug --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_quic_module --without-http_browser_module --without-http_empty_gif_module --without-http_geo_module --without-http_grpc_module --without-http_uwsgi_module --without-http_empty_gif_module --without-http_ssi_module --without-http_fastcgi_module --without-http_scgi_module --without-http_referer_module --without-http_split_clients_module --without-http_userid_module --without-http_access_module --without-http_mirror_module --without-http_autoindex_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_keepalive_module --without-http_upstream_hash_module --with-cc-opt='-O3 -DNDEBUG -fno-semantic-interposition -fipa-pta -fdevirtualize-at-ltrans -march=haswell -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-all -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full -fpic -fpie -static-pie -s -L. -fno-plt -Bsymbolic -malign-data=cacheline -Wno-parentheses -Wno-unused-value -Wno-unused-but-set-variable -flto -fvisibility=hidden -fgraphite-identity -ffunction-sections -fdata-sections -mtls-dialect=gnu2 -L/ghq/git.musl-libc.org/musl/lib -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free -fno-builtin-memalign -fno-builtin-posix_memalign -fno-builtin-valloc -fno-builtin-pvalloc -I/ghq/github.com/zlib-ng/zlib-ng -I/ghq/github.com/zlib-ng/zlib-ng/build-server-gcc -I/ghq/boringssl.googlesource.com/boringssl/include -Wno-error -DTCP_FASTOPEN=23 -I/ghq/src.fedoraproject.org/rpms/pcre/pcre-8.44' --with-ld-opt='-O3 -DNDEBUG -fno-semantic-interposition -fipa-pta -fdevirtualize-at-ltrans -march=haswell -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-all -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full -fpic -fpie -static-pie -s -L. -fno-plt -Bsymbolic -malign-data=cacheline -Wno-parentheses -Wno-unused-value -Wno-unused-but-set-variable -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -Wl,-E -Wl,-z,noexecstack -Wl,-Bstatic -L/ghq/git.musl-libc.org/musl/lib -Wl,--gc-sections -L/ghq/github.com/zlib-ng/zlib-ng/build-server-gcc -l:libz.a -lz -L/ghq/boringssl.googlesource.com/boringssl/build-server-gcc/ssl -l:libssl.a -L/ghq/boringssl.googlesource.com/boringssl/build-server-gcc/crypto -l:libcrypto.a -L/ghq/src.fedoraproject.org/rpms/pcre/pcre-8.44/.libs' --add-module=/ghq/github.com/google/ngx_brotli/static --add-module=/ghq/github.com/openresty/headers-more-nginx-module |
Description
Current specification: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
Encrypted Client Hello removes a major source of information leakage when using TLS: the hostname. When combined with OCSP Must-Staple, the only information leaked over a TLS connection will be the source/dest IPs and traffic sizing (the latter of which can be mitigated with TLS 1.3's random padding). This offers a significant privacy improvement.
ECH has been implemented by Firefox, Cloudflare, H2O (in quictls), NSS, and BoringSSL.
ECH was previously known as ESNI (Encrypted SNI). The EFF promoted it in its Deeplinks blog: https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https