Add support for ESNIExtension #345
Comments
IIRC, "Z" is the canonical name for the shared secret agreed to using the DH key exchange. The calculation for it using regular FFDHE key exchange is here: if this is not clear enough, asking on the IETF TLS work-group mailing list for amendments/clarifications to the draft would likely be fruitful.
Hi @divadres, are you still working on this? It is worth noting that draft -01 (as currently implemented by Firefox/NSS and Cloudflare) is not compatible with newer draft versions (-03). Draft -03 also changed how the ESNI extension in the EncryptedExtensions message is encoded.
Hi.
I'm trying to add support for ESNIExtension in tlslite-ng. I'm getting the information here: https://tools.ietf.org/html/draft-ietf-tls-esni-02
At the moment I can get the information from the DNS domain registry, extract the data and create the extension data to send it together with the ClientHello, but I have doubts about the encryption of the data. I am not an expert in cryptography and there are some concepts I do not understand.
I have the KeyShare obtained from the ESNIKeys and I have created the value ClientEncryptedSNI.key_share, but I do not understand how to get the Z value. I am also not sure how to obtain the Zx value. Once these two are achieved, I believe that key and iv can be created.
Is there someone who can help me in this step?
Thank you