Feature #1866

Implicit TLS (with SNI) connection mode

Added by Avamander over 1 year ago. Updated 16 days ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/30/2023
Due date:
% Done: 0%
Estimated time:
OS: Any

Description

It would be very useful if Quassel had a client-core connection mode that uses pure implicit TLS (with SNI).

This would provide multiple benefits:
  • Adds the ability to use any TLS load balancer or terminator (traefik/nginx/etc. with more nuanced configuration)
  • Implicit TLS as implemented by other software is likely less failure-prone and thus more secure than any ad-hoc TLS support
  • Resists protocol fingerprinting
  • Adds the potential to leverage things like mTLS (using a YubiKey/smartcard for auth), ECH or QUIC in the future

In theory it also shouldn't be that difficult to implement using already available libraries.

History


#2 Updated by Edward357Johnson 16 days ago

Adding a client-core connection mode in Quassel using pure implicit TLS (with SNI) could enhance security, compatibility, and future-proofing. This would enable the use of TLS load balancers, improve security, resist protocol fingerprinting, and allow future features like mTLS, ECH, or QUIC. It should be implementable using existing libraries. https://www.my-itero.com
