git.ipfire.org Git - thirdparty/apache/httpd.git/commit
mod_ssl: Add support for Encrypted Client Hello (ECH) based off
author Joe Orton <jorton@apache.org>
Fri, 12 Sep 2025 08:05:11 +0000 (08:05 +0000)
committer Joe Orton <jorton@apache.org>
Fri, 12 Sep 2025 08:05:11 +0000 (08:05 +0000)
commit 0c9cd095ce9081fd225f0da7787419e80de7c701
tree f4c599f607fb94c20aebbb34d442770a73bea3b9
parent 9cd6c92c95a8049f418123f4759df1ae106a8f6e
mod_ssl: Add support for Encrypted Client Hello (ECH) based off
proposed OpenSSL 4.0 API. Notes from PR #551:

This build only supports ECH "shared-mode" where mod_ssl does the ECH
decryption and also hosts both the ECH `public-name` and `backend` web
sites.

## Build

> [!NOTE]
> ECH is not yet a part of an OpenSSL release, our current goal is that ECH be
> part of an OpenSSL 4.0 release in spring 2026.

There is client and server ECH code in the OpenSSL ECH feature branch at
[https://github.com/openssl/openssl/tree/feature/ech](https://github.com/openssl/openssl/tree/feature/ech).
At present, ECH-enabling apache2 therefore requires building from source, using
the OpenSSL ECH feature branch.

## Code changes

- All code changes are within `modules/ssl` and are protected via
  `#ifdef HAVE_OPENSSL_ECH`. That's defined in `ssl_private.h` if the
  included `ssl.h` defines `SSL_OP_ECH_GREASE`.

- There're a bunch of changes to add the new `SSLECHKeyDir` directive that
  are mostly obvious.

- We load the keys from `SSLECHKeyDir` using the `load_echkeys()` function in
  `ssl_engine_init.c`. That also ECH-enables the `SSL_CTX` when keys are
  loaded, which triggers ECH decryption as needed.

> [!NOTE]
> `load_echkeys()` will include the public component of all loaded keys in the ECH
> `retry-configs` in the fallback scenario. If desired, we could add a naming
> convention or additional configuration setting to distinguish which to
> include in `retry-configs` or not. For now, we assume that'd better be done
> in a subsequent PR, if experience shows the feature is really useful/needed.
> (We can envisage some odd deployments where that might be the case, but not
> clear those'd really happen - it'd seem to need loads of key pairs or else
> some that are never published in the DNS that we don't want to expose to
> random clients - neither seems compelling.)

- We add a callback to `SSL_CTX_ech_set_callback` also in `ssl_engine_init.c`.

- We add calls to set the `SSL_ECH_STATUS` etc. variables to the environment
  (for PHP etc) in `ssl_engine_kernel.c` and also do the logging of ECH
  outcomes (to the error log).

Submitted by: sftcd <stephen.farrell cs.tcd.ie>, rpluem
Github: closes #551

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1928357 13f79535-47bb-0310-9956-ffa450edef68
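The retry-configs note in the message above means that the public half of every key pair loaded from `SSLECHKeyDir` is handed to any client whose ECH attempt fails, whether or not that config was ever published in DNS. What follows is an added example, not code from the httpd commit or from OpenSSL: a small Python encoder and decoder for the ECHConfigList structure as specified by draft-ietf-tls-esni (ECHConfig version 0xfe0d), the structure that both an HTTPS record's `ech=` value and a retry-configs payload carry. It assumes the OpenSSL ECH branch uses that draft format (the commit does not say), and every public key, config_id and public_name in it is a constructed placeholder. Pointed at a real list, `summarize()` reports the config_id, public_name and KEM of each config a client would see, which is the audit an operator would run before deciding whether all the keys in `SSLECHKeyDir` should really be exposed.

```python
"""Encode/decode an ECHConfigList, the public half of an ECH key pair.

Added example: not code from the httpd commit or from OpenSSL. Wire format
follows draft-ietf-tls-esni ECHConfig version 0xfe0d (assumption: that is
what the OpenSSL ECH branch publishes). All keys and names below are
constructed placeholders, not real deployment data.
"""
import base64
import struct

ECH_VERSION = 0xFE0D
KEM_X25519_HKDF_SHA256 = 0x0020
KDF_HKDF_SHA256 = 0x0001
AEAD_AES_128_GCM = 0x0001
AEAD_CHACHA20_POLY1305 = 0x0003
DEFAULT_SUITES = ((KDF_HKDF_SHA256, AEAD_AES_128_GCM),
                  (KDF_HKDF_SHA256, AEAD_CHACHA20_POLY1305))


def _opaque16(b: bytes) -> bytes:
    """TLS vector with a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(b)) + b


def encode_ech_config(config_id, public_key, public_name,
                      kem_id=KEM_X25519_HKDF_SHA256, suites=DEFAULT_SUITES,
                      max_name_len=0, extensions=b""):
    """Build one ECHConfig: version || length || HpkeKeyConfig || name || exts."""
    name = public_name.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("public_name must be 1..255 bytes")
    key_config = (struct.pack("!BH", config_id, kem_id)
                  + _opaque16(public_key)
                  + _opaque16(b"".join(struct.pack("!HH", k, a) for k, a in suites)))
    contents = (key_config + struct.pack("!BB", max_name_len, len(name)) + name
                + _opaque16(extensions))
    return struct.pack("!HH", ECH_VERSION, len(contents)) + contents


def encode_ech_config_list(configs):
    return _opaque16(b"".join(configs))


def dns_presentation(config_list):
    """ech= SvcParam value in an HTTPS record: base64 of the whole list."""
    return base64.b64encode(config_list).decode("ascii")


def from_dns_presentation(text):
    return base64.b64decode(text)


def _take(buf, pos, n):
    """Slice n bytes at pos, refusing to read past the end of the buffer."""
    if pos + n > len(buf):
        raise ValueError("truncated ECHConfig")
    return buf[pos:pos + n], pos + n


def _uint(buf, pos, width):
    raw, pos = _take(buf, pos, width)
    return int.from_bytes(raw, "big"), pos


def _decode_contents(body):
    config_id, pos = _uint(body, 0, 1)
    kem_id, pos = _uint(body, pos, 2)
    pk_len, pos = _uint(body, pos, 2)
    public_key, pos = _take(body, pos, pk_len)
    cs_len, pos = _uint(body, pos, 2)
    if cs_len == 0 or cs_len % 4:
        raise ValueError("bad cipher_suites length")
    suites, end = [], pos + cs_len
    while pos < end:
        kdf, pos = _uint(body, pos, 2)
        aead, pos = _uint(body, pos, 2)
        suites.append((kdf, aead))
    max_name_len, pos = _uint(body, pos, 1)
    name_len, pos = _uint(body, pos, 1)
    name, pos = _take(body, pos, name_len)
    ext_len, pos = _uint(body, pos, 2)
    raw_ext, pos = _take(body, pos, ext_len)
    if pos != len(body):
        raise ValueError("trailing bytes in ECHConfig")
    extensions, p = [], 0
    while p < len(raw_ext):
        ext_type, p = _uint(raw_ext, p, 2)
        ext_data_len, p = _uint(raw_ext, p, 2)
        ext_data, p = _take(raw_ext, p, ext_data_len)
        extensions.append((ext_type, ext_data))
    return {"version": ECH_VERSION, "config_id": config_id, "kem_id": kem_id,
            "public_key": public_key, "cipher_suites": suites,
            "max_name_len": max_name_len, "public_name": name.decode("ascii"),
            "extensions": extensions,
            # high bit set = mandatory; a client that does not understand
            # such an extension must not use this config at all
            "unknown_mandatory": [t for t, _ in extensions if t & 0x8000]}


def decode_ech_config_list(data):
    """Parse a list; unknown versions are reported but not interpreted."""
    total, pos = _uint(data, 0, 2)
    if total != len(data) - 2:
        raise ValueError("ECHConfigList length does not match payload")
    configs = []
    while pos < len(data):
        version, pos = _uint(data, pos, 2)
        length, pos = _uint(data, pos, 2)
        body, pos = _take(data, pos, length)
        if version != ECH_VERSION:
            configs.append({"version": version, "unsupported": True})
        else:
            configs.append(_decode_contents(body))
    return configs


def summarize(data):
    """(config_id, public_name, kem_id) per usable config: what a client sees."""
    return [(c["config_id"], c["public_name"], c["kem_id"])
            for c in decode_ech_config_list(data) if not c.get("unsupported")]


def sample_list():
    """Constructed sample: two key pairs, as a key directory might hold."""
    pk_a = bytes(range(32))        # placeholder for an X25519 public key
    pk_b = bytes(range(32, 64))    # placeholder, not real key material
    return encode_ech_config_list([
        encode_ech_config(7, pk_a, "public.example.com"),
        encode_ech_config(42, pk_b, "public.example.com", suites=((1, 3),))])


if __name__ == "__main__":
    lst = sample_list()
    print("ech=" + dns_presentation(lst))
    for cid, name, kem in summarize(lst):
        print(f"config_id={cid} public_name={name} kem=0x{kem:04x}")
```

`decode_ech_config_list()` raises `ValueError` on truncated or inconsistent input instead of returning a partial result, and it passes configs with an unrecognised version through as unsupported rather than guessing at their layout, which is the behaviour a client is required to have. A config carrying an unknown extension with the mandatory bit set shows up in `unknown_mandatory`, the one case where a syntactically valid config must still not be used.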
.github/workflows/linux.yml
changes-entries/ech.txt [new file with mode: 0644]
docs/log-message-tags/next-number
docs/manual/mod/mod_ssl.xml
modules/ssl/mod_ssl.c
modules/ssl/ssl_engine_config.c
modules/ssl/ssl_engine_init.c
modules/ssl/ssl_engine_kernel.c
modules/ssl/ssl_engine_vars.c
modules/ssl/ssl_private.h
test/travis_before_linux.sh