khorovodoved

joined 2 years ago
[–] khorovodoved@lemm.ee 1 points 4 weeks ago

Intentions do not matter in this case. It can be used for that and that's enough. If you block any connections that use ECH (by blocking cloudflare-ech for example) users will have no choice but to fall back to unencrypted CH.

[–] khorovodoved@lemm.ee 3 points 4 weeks ago (2 children)

I doubt it. Today there is a huge trend towards censorship in the world. And ECH is exactly what a censor would not want. It is already blocked in Russia after Cloudflare enabled it by default and I would expect it to be blocked in the west "for anti-piracy reasons" very soon.

[–] khorovodoved@lemm.ee 2 points 1 month ago* (last edited 1 month ago) (1 children)

Try starting with dbus session. Also try lxqt-session and startlxqt commands.

[–] khorovodoved@lemm.ee 10 points 1 month ago (2 children)

Because it is affiliated with gnome...

[–] khorovodoved@lemm.ee 3 points 2 months ago* (last edited 2 months ago) (1 children)

TLS clienthello contains an unencrypted string, called SNI, that contains the domain of the destination web site. It must be unencrypted to work, because web sites read this string to determine which certificate to use.

You do not break encryption. It is unencrypted by design.

With all due respect, it seems to me that you do not quite understand how HTTPS works. For encryption it relies on the TLS protocol. And TLS does not encrypt everything, it encrypts only the payload, but it also has to share some additional data to even establish an encrypted connection. The majority of that work is done by exchanging clienthello and serverhello. To do that, the client has to clarify what server he is even trying to reach, as there can be multiple servers on one IP, but they have separate certificates, support different ciphers etc. For that a string, "SNI", that contains the domain name is used. Only after the client and server exchange all the necessary information can the encrypted conversation start. So, by looking into the clienthello and reading the SNI, any MITM can determine what web site you are trying to reach.

[–] khorovodoved@lemm.ee 1 points 2 months ago* (last edited 2 months ago) (3 children)

It would not be hard at all. China, Iran and Russia already do that. Clienthello is not encrypted and that is all you need.

And ECH would not solve this as you can just block cloudflare-ech (or other, depending on CDN) domain itself and force clients to fall back to non-encrypted clienthello.

[–] khorovodoved@lemm.ee 2 points 2 months ago (5 children)

Everyone gangsta till DPI system is installed.

[–] khorovodoved@lemm.ee 7 points 4 months ago (8 children)

That's just VPN with extra steps. Why not just set up a SOCKS5/Shadowsocks/wireguard/whatever on any hosting and get a lot better experience?

[–] khorovodoved@lemm.ee 7 points 5 months ago* (last edited 5 months ago) (4 children)

Zig has other selling points, that are arguably more suitable for system programming. Rust's obsession with safety (which is still not absolute even in rust) is not the only thing to consider.

[–] khorovodoved@lemm.ee 33 points 5 months ago* (last edited 5 months ago)

Zig is indeed designed specifically for such tasks as system programming and interoperability with C code. However, it is not yet ready for production usage, as the necessary infrastructure is not yet done and each new version introduces breaking changes. Developers recommend waiting for version 1.0 before using it in any serious project.

[–] khorovodoved@lemm.ee 2 points 5 months ago

Does it need to be enabled at compilation, or can it be toggled at any time?

[–] khorovodoved@lemm.ee 2 points 5 months ago

Works fine for me.
