xref: /aosp_15_r20/external/curl/docs/cmdline-opts/ech.md (revision 6236dae45794135f37c4eb022389c904c8b0090d) 
1*6236dae4SAndroid Build Coastguard Worker---
2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al.
3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl
4*6236dae4SAndroid Build Coastguard WorkerLong: ech
5*6236dae4SAndroid Build Coastguard WorkerArg: <config>
6*6236dae4SAndroid Build Coastguard WorkerHelp: Configure ECH
7*6236dae4SAndroid Build Coastguard WorkerAdded: 8.8.0
8*6236dae4SAndroid Build Coastguard WorkerCategory: tls
9*6236dae4SAndroid Build Coastguard WorkerProtocols: HTTPS
10*6236dae4SAndroid Build Coastguard WorkerMulti: single
11*6236dae4SAndroid Build Coastguard WorkerSee-also:
12*6236dae4SAndroid Build Coastguard Worker  - doh-url
13*6236dae4SAndroid Build Coastguard WorkerExample:
14*6236dae4SAndroid Build Coastguard Worker  - --ech true $URL
15*6236dae4SAndroid Build Coastguard Worker---
16*6236dae4SAndroid Build Coastguard Worker
17*6236dae4SAndroid Build Coastguard Worker# `--ech`
18*6236dae4SAndroid Build Coastguard Worker
19*6236dae4SAndroid Build Coastguard WorkerSpecifies how to do ECH (Encrypted Client Hello).
20*6236dae4SAndroid Build Coastguard Worker
21*6236dae4SAndroid Build Coastguard WorkerThe values allowed for \<config\> can be:
22*6236dae4SAndroid Build Coastguard Worker
23*6236dae4SAndroid Build Coastguard Worker## "false" (default)
24*6236dae4SAndroid Build Coastguard Worker
25*6236dae4SAndroid Build Coastguard WorkerDo not attempt ECH
26*6236dae4SAndroid Build Coastguard Worker
27*6236dae4SAndroid Build Coastguard Worker## "grease"
28*6236dae4SAndroid Build Coastguard Worker
29*6236dae4SAndroid Build Coastguard WorkerSend a GREASE ECH extension
30*6236dae4SAndroid Build Coastguard Worker
31*6236dae4SAndroid Build Coastguard Worker## "true"
32*6236dae4SAndroid Build Coastguard Worker
33*6236dae4SAndroid Build Coastguard WorkerAttempt ECH if possible, but do not fail if ECH is not attempted.
34*6236dae4SAndroid Build Coastguard Worker(The connection fails if ECH is attempted but fails.)
35*6236dae4SAndroid Build Coastguard Worker
36*6236dae4SAndroid Build Coastguard Worker## "hard"
37*6236dae4SAndroid Build Coastguard Worker
38*6236dae4SAndroid Build Coastguard WorkerAttempt ECH and fail if that is not possible.
39*6236dae4SAndroid Build Coastguard WorkerECH only works with TLS 1.3 and also requires using
40*6236dae4SAndroid Build Coastguard WorkerDoH or providing an ECHConfigList on the command line.
41*6236dae4SAndroid Build Coastguard Worker
42*6236dae4SAndroid Build Coastguard Worker## "ecl:<b64val>"
43*6236dae4SAndroid Build Coastguard Worker
44*6236dae4SAndroid Build Coastguard WorkerA base64 encoded ECHConfigList that is used for ECH.
45*6236dae4SAndroid Build Coastguard Worker
46*6236dae4SAndroid Build Coastguard Worker## "pn:<name>"
47*6236dae4SAndroid Build Coastguard Worker
48*6236dae4SAndroid Build Coastguard WorkerA name to use to over-ride the `public_name` field of an ECHConfigList
49*6236dae4SAndroid Build Coastguard Worker(only available with OpenSSL TLS support)
50*6236dae4SAndroid Build Coastguard Worker
51*6236dae4SAndroid Build Coastguard Worker## Errors
52*6236dae4SAndroid Build Coastguard Worker
53*6236dae4SAndroid Build Coastguard WorkerMost errors cause error
54*6236dae4SAndroid Build Coastguard Worker*CURLE_ECH_REQUIRED* (101).
55