Developing ESNI for OpenSSL (DEfO)

https://defo.ie/

Encrypted server name indication (ESNI) is a way to plug a privacy-hole that remains in the Transport Layer Security (TLS) protocol that’s used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project is developing an implementation of ESNI for OpenSSL, and an ESNI-enabled web server as a demonstration and for interoperability testing. Over time, DEfO will demonstrate integration of ESNI with other tools that use TLS.

Our OpenSSL fork supporting ESNI is on GitHub.

This server now runs on our fork of lighttpd. See the notes for how we did that. (Turned out to be much easier than expected actually!)
