kpcyrd 🏴1d ago

I pushed curl-rustls-8.19.0-3-x86_64.pkg.tar.zst to Arch Linux, with this version it's now possible to encrypt the TLS client hello:

curl-rustls -sSv --ech hard --doh-url='https://dns.mullvad.net/dns-query' 'https://defo.ie/ech-check.php'

Should display:

<p>SSL_ECH_OUTER_SNI: cover.defo.ie <br />
SSL_ECH_INNER_SNI: defo.ie <br />

The --doh-url is mandatory, otherwise curl won't query the `https` dns records (dig +short https defo.ie).

For opportunistic ECH use `--ech true`.

#archlinux #curl #ech

Show threadkpcyrd 🏴
Note the https:// may not be visible in your fediverse client, if the copy-pasted command doesn't work for you, make sure both urls (--doh-url and the last argument) start with https://
Apr 6 at 5:00pmWeb