Quick set up guide for Encrypted Client Hello (ECH)

 Posted on November 10, 2023  |  jochensp

The Encrypted Client Hello (ECH) mechanism draft-spec is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol that’s used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project has developed an implementation of ECH for OpenSSL, and proof-of-concept implementations of various clients and servers that use OpenSSL, and other TLS libraries, as a demonstration and for interoperability testing. [Read More]
curl  DEfO  ECH  free software  nginx  open source  OpenSSL  privacy  resilience  TLS 

DEfO - Developing ECH for OpenSSL (round two)

 Posted on November 9, 2023  |  Stephen Farrell

Encrypted ClientHello (ECH) plugs a privacy-hole in TLS, hiding previously visible details from network observers. The most important being the name of the web-site the client wishes to visit (the Server Name Indication or SNI). This can be a major privacy leak, like when accessing a dissident news source hosted on a Content Delivery Network (CDN). A visible domain name also provides a straightforward method for censors to block websites and internet services. [Read More]
Apache  Conscrypt  curl  DEfO  ECH  F-Droid  free software  HAProxy  IETF  metadata  nginx  open source  OpenSSL  privacy  resilience  TLS 

Improving website resilience with LibResilient and IPFS

 Posted on June 15, 2023  |  uniq

We’re always looking for techniques to make services more resilient to all sorts of issues. That’s why we took special interest in LibResilient and mapped out it’s capabilities. It’s a JavaScript library for decentralized content delivery in web-browsers and markets itself as easy to deploy to any website. We’ve looked at LibResilient primarily in the context of static websites. While it should work with dynamic websites too, that was out of focus for us. [Read More]
censorship  censorship circumvention  circumvention  filecoin  free software  IPFS  open source  resilience