Question about package build
Daniel Lenski
dlenski at gmail.com
Sun Sep 1 16:14:35 PDT 2024
On Sun, Sep 1, 2024 at 4:10 PM Daniel Lenski <dlenski at gmail.com> wrote:
>
> On Sun, Sep 1, 2024 at 1:46 PM Moorko <me at moorko.net> wrote:
> >
> > Thanks for your detailed response, Daniel.
> >
> > I now realize that I clearly missed the big picture here as I'm relatively new to this domain.
>
> No worries! Looks like you're tackling a tricky problem and asking the
> right questions :-)
>
> > > I'm not sure what "flexible" means specifically.
> >
> > I'm implementing a TLS handshake fragmentation feature for OpenConnect so that it can better resist internet censorship in Iran (and potentially in other places as well).
>
> Ah. We have a tag for Iran-censorship-related issues, definitely
> peruse these if you haven't already:
> https://gitlab.com/openconnect/openconnect/-/issues/?label_name%5B%5D=Damet%20Garm
You might also be interested in
https://gitlab.com/openconnect/openconnect/-/merge_requests/297, where
I added the `--sni` option to aid in
https://en.wikipedia.org/wiki/Domain_fronting (another anti-censorship
technique).
That one also required some careful fine-tuning to handle the change
in expectations of the server's TLS certificate when built with either
OpenSSL or GnuTLS.
More information about the openconnect-devel
mailing list