git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
DOC: configuration: ECH support details
author William Lallemand <wlallemand@irq6.net>
Sun, 30 Nov 2025 08:44:20 +0000 (09:44 +0100)
committer William Lallemand <wlallemand@irq6.net>
Sun, 30 Nov 2025 08:47:56 +0000 (09:47 +0100)
Specify which OpenSSL branch is supported and that AWS-LC is not
supported.

Must be backported to 3.3.

doc/configuration.txt

index 5187c67d1634ca3d0256cb5f54e610624837db76..173acf321a384fc8c72d5a24965d8b6a3772cd02 100644 (file)
@@ -16941,9 +16941,10 @@ ech <dir> [ EXPERIMENTAL ]
   See https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
 
   This is an experimental feature, which requires the
-  "expose-experimental-directives" option in the global section. It also
-  necessitates an OpenSSL version that supports ECH, and HAProxy must be
-  compiled with USE_ECH=1.
+  "expose-experimental-directives" option in the global section.
+  It also necessitates an OpenSSL version that supports ECH
+  ( https://github.com/openssl/openssl/tree/feature/ech), and HAProxy must be
+  compiled with USE_ECH=1. The ECH API of AWS-LC is not supported.
 
   Example:
     $ openssl ech -public_name foobar.com -out /etc/haproxy/echkeydir/foobar.com.ech
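Review bot: the added URL line has a stray space after the opening parenthesis, "( https://github.com/openssl/openssl/tree/feature/ech)", and it identifies the required OpenSSL only by a link to a feature branch. Drop the space and name the branch in the sentence itself (for example "the feature/ech branch of OpenSSL") so the requirement stays readable if the link moves. The new sentence "The ECH API of AWS-LC is not supported" also leaves open what happens when USE_ECH=1 is set while building against AWS-LC; state whether the build fails or the "ech" directive is rejected, so that nobody assumes ECH is active on such a build.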