Opened 3 years ago
Last modified 13 months ago
#2275 new enhancement
Support Encrypted Client Hello
Reported by: | Seirdy | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | 1.19.x |
Keywords: | TLS, security | Cc: | Seirdy |
uname -a: | Linux host01 5.14.16-301.fc35.x86_64 #1 SMP Wed Nov 3 13:55:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.21.4 (static-pie gcc musl mimalloc-secure zlib-ng brotli march=haswell boringssl hpack nginx build)
built by gcc 10.2.1 20201203 (GCC) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --build='static-pie gcc musl mimalloc-secure zlib-ng brotli march=haswell boringssl hpack nginx build' --with-file-aio --with-threads --with-pcre --with-debug --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_quic_module --without-http_browser_module --without-http_empty_gif_module --without-http_geo_module --without-http_grpc_module --without-http_uwsgi_module --without-http_empty_gif_module --without-http_ssi_module --without-http_fastcgi_module --without-http_scgi_module --without-http_referer_module --without-http_split_clients_module --without-http_userid_module --without-http_access_module --without-http_mirror_module --without-http_autoindex_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_keepalive_module --without-http_upstream_hash_module --with-cc-opt='-O3 -DNDEBUG -fno-semantic-interposition -fipa-pta -fdevirtualize-at-ltrans -march=haswell -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-all -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full -fpic -fpie -static-pie -s -L. -fno-plt -Bsymbolic -malign-data=cacheline -Wno-parentheses -Wno-unused-value -Wno-unused-but-set-variable -flto -fvisibility=hidden -fgraphite-identity -ffunction-sections -fdata-sections -mtls-dialect=gnu2 -L/ghq/git.musl-libc.org/musl/lib -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free -fno-builtin-memalign -fno-builtin-posix_memalign -fno-builtin-valloc -fno-builtin-pvalloc -I/ghq/github.com/zlib-ng/zlib-ng -I/ghq/github.com/zlib-ng/zlib-ng/build-server-gcc -I/ghq/boringssl.googlesource.com/boringssl/include -Wno-error -DTCP_FASTOPEN=23 -I/ghq/src.fedoraproject.org/rpms/pcre/pcre-8.44' --with-ld-opt='-O3 -DNDEBUG -fno-semantic-interposition -fipa-pta -fdevirtualize-at-ltrans -march=haswell -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-all -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full -fpic -fpie -static-pie -s -L. -fno-plt -Bsymbolic -malign-data=cacheline -Wno-parentheses -Wno-unused-value -Wno-unused-but-set-variable -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -Wl,-E -Wl,-z,noexecstack -Wl,-Bstatic -L/ghq/git.musl-libc.org/musl/lib -Wl,--gc-sections -L/ghq/github.com/zlib-ng/zlib-ng/build-server-gcc -l:libz.a -lz -L/ghq/boringssl.googlesource.com/boringssl/build-server-gcc/ssl -l:libssl.a -L/ghq/boringssl.googlesource.com/boringssl/build-server-gcc/crypto -l:libcrypto.a -L/ghq/src.fedoraproject.org/rpms/pcre/pcre-8.44/.libs' --add-module=/ghq/github.com/google/ngx_brotli/static --add-module=/ghq/github.com/openresty/headers-more-nginx-module |
Description
Current specification: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
Encrypted Client Hello removes a major source of information leakage when using TLS: the hostname. When combined with OCSP Must-Staple, the only information leaked over a TLS connection will be the source/dest IPs and traffic sizing (the latter of which can be mitigated with TLS 1.3's random padding). This offers a significant privacy improvement.
ECH has been implemented by Firefox, Cloudflare, H2O (in quictls), NSS, and BoringSSL.
ECH was previously known as ESNI (Encrypted SNI). The EFF promoted it in its Deeplinks blog: https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https
Change History (6)
comment:1 by , 15 months ago
comment:2 by , 15 months ago
And firefox joins since version 118: https://support.mozilla.org/pl/kb/understand-encrypted-client-hello
comment:3 by , 15 months ago
+1 on this. We're very keen to roll out ECH for privacy and also as an anti-blocking mechanism.
follow-up: 5 comment:4 by , 14 months ago
Here seems to be an experimental EHC implementation for nginx, though I have not tested if it actually works: https://github.com/nginx/nginx/compare/master...sftcd:nginx:ECH-experimental
comment:5 by , 13 months ago
Replying to hardfalcon@…:
Note that this likely requires an equally experimental ECH-enabled fork open OpenSSL:
Yeah. Rather than an experimental fork of OpenSSL, it's probably safer to use BoringSSL for now.
comment:6 by , 13 months ago
I've submitted an experimental patch to nginx-devel list that implements ECH with BoringSSL.
Source code fork with this patch is also available at https://github.com/yaroslavros/nginx/
Tested against current Chrome and Firefox.
google chrome 117 ships with ECH support (hiding under flag for now)
https://chromestatus.com/feature/6196703843581952