Our #HPKE (RFC9180) implementation shipped by #OpenSSL has been audited, and passed with flying colors: "Auditors did not identify any directly exploitable vulnerabilities". Nice work, Stephen Farrell!

https://7asecurity.com/blog/2023/12/defo-2-openssl-hpke-pr-security-audit/

https://www.opentech.fund/security-safety-audits/defo-2-openssl-hpke-pr-security-audit/

#EncryptedClientHello #ECH #MessagingLayerSecurity #MLS

DEfO-2 OpenSSL HPKE PR Security Audit - 7ASecurity Blog

DEfO-2: OpenSSL's ECH implementation passed a security audit by 7ASecurity, addressing privacy concerns. No exploitable vulnerabilities found, & 10 low-severity issues were fixed in the latest release.

The first fully merged, audited and shipped bit of code from our https://defo.ie project is Hybrid Public Key Encryption (#HPKE RFC9180), which was shipped by #OpenSSL https://openssl.org/blog/blog/2023/10/18/ossl-hpke/ It's core to #EncryptedClientHello #ECH and #MessagingLayerSecurity #MLS
Developing ECH for OpenSSL (DEfO) - welcome to defo.ie

The first fully merged, audited and shipped bit of code from our https://defo.ie project is Hybrid Public Key Encryption (#HPKE RFC9180); it has been shipped by #OpenSSL https://www.openssl.org/blog/blog/2023/10/18/ossl-hpke/ It is a building block for #EncryptedClientHello #ECH and #MessagingLayerSecurity #MLS, providing standard methods for using public key cryptography to encrypt arbitrary blocks of data.