Encrypted Client Hello with Split Mode Topology (a.k.a. TLS Passthrough)

This repo implements a library to support Encrypted Client Hello with a Split Mode Topology, along with secure client-side name resolution and network connections.

Split Mode Topology is defined in RFC 9849.

flowchart LR
  subgraph Client
    c1("Client")
  end
  subgraph Client-Facing Server
    prx((("public.example.com")))
  end
  subgraph Backend Servers
    be1("private1.example.com")
    be2("private2.example.com")
  end
  c1-->prx
  prx-->be1
  prx-->be2

The ECH library handles the Client-Facing Server part. A ech.Conn transparently inspects the TLS handshake and decrypts/decodes Encrypted Client Hello messages. The decoded ServerName and/or ALPN protocols can then be used to route the TLS connection to the right backend server which terminates the TLS connection.

ECH Configs and ECH ConfigLists are created with ech.NewConfig and ech.ConfigList.

Clients can use ech.Resolve and/or ech.Dial to securely connect to services. They use RFC 8484 DNS-over-HTTPS (DoH) and RFC 9460 HTTPS Resource Records, along with traditional A, AAAA, CNAME records for name resolution. If a HTTPS record contains an ECH config list, it can be used automatically. ech.Dial also supports concurrent connection attempts to gracefully handle slow or unreachable addresses.

The example directory has working client and server examples.

See the godoc for more details.