Try using ECH (Encrypted Client Hello) for TLS-based proxies.
- Binary valid
- Dockerfile valid
- Configure HAProxy
- Configure Certbot
- Publish Image
kwaabot/haproxy
I compiled ECH-enabled OpenSSL and HAProxy as instructed in esnistuff/haproxy.md, and you can get the x86_64 binaries and Dockerfile from the haproxy folder of this repo.
Once I confirm that it works, I'll make the image available through GitHub Actions.
Meanwhile, the NaiveProxy client does not appear to support ECH at this time. (naiveproxy#314)
TODO
Use the same configuration as HAProxy Setup.
{
  "listen": "http://127.0.0.1:{{port}}",
  "padding": true
}
TODO
- ECH (Encrypted client hello) support · Issue #1924 · haproxy/haproxy
- Will Encrypted client hello be supported at both the client and server side? · Issue #314 · klzgrad/naiveproxy
- Developing ECH for OpenSSL (DEfO)
- Experiences with implementing and deploying ECH
- sftcd/openssl-[ECH-draft-13a]
- sftcd/haproxy-[ECH-experimental]
- esnistuff