On Wed 04/06/2025 14:25, Christoph Liebender wrote:
> On 03.06.25 at 15:53, Christoph Liebender wrote:
> > I will probably submit a PR to upstream that disables this test on
> > OpenBSD altogether, when I find time...
>
> Upstream was very responsive and integrated that into 10.4.2.
>
> > In any case, comments w.r.t. the --tls-ech-enable feature are welcome.
>
> Which is supposed to mean that I cannot make this work on my setup, and
> right now I am not sure whether it is due to an upstream bug, packaging bug
> or issue with my setup. Can ECH be considered a niche feature anyway? If so,
> it might also make sense to not use aws-lc-rs as a crypto provider and fall
> back to native TLS at some point.

I'm far from being an expert here, so there are multiple options for me
to be wrong:

- ECH uses Hybrid Public Key Encryption
- HPKE is provided by aws-lc-rs
- On OpenBSD, aws-lc-rs is not used. Instead ring is used as backend [0].

Long story short, no ECH with wstunnel on OpenBSD.

[0] https://github.com/erebe/wstunnel/blob/eba8f8609423c3d4afc155cf2989cef72242e3eb/Cargo.toml#L64-L72