Project

General

Profile

Feature #1866

Implicit TLS (with SNI) connection mode

Added by Avamander almost 2 years ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
07/30/2023
Due date:
% Done:

0%

Estimated time:
OS:
Any

Description

It would be very useful if Quassel had a client-core connection mode that use pure implicit TLS (with SNI).

This would provide multiple benefits:
  • Adds the ability to use any TLS load balancer or terminator (traefik/nginx/etc. with more nuanced configuration)
  • Implicit TLS like implemented by other software is likely less failure-prone thus more secure than any ad-hoc TLS support
  • Resists protocol fingerprinting
  • Adds the potential to leverage things like mTLS (using a YubiKey/smartcard for auth), ECH or QUIC in the future

In theory it shouldn't also be that difficult to implement using already available libraries.

Also available in: Atom PDF