Provided by: libcurl4-doc_8.9.1-2ubuntu2.1_all bug

NAME

       CURLOPT_ECH - configuration for Encrypted Client Hello

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ECH, char *config);

DESCRIPTION

       ECH is only compatible with TLSv1.3.

       This experimental feature requires a special build of OpenSSL, as ECH is not yet supported
       in OpenSSL releases. In contrast ECH is supported by  the  latest  BoringSSL  and  wolfSSL
       releases.

       There  is  also  a  known  issue  with  using  wolfSSL which does not support ECH when the
       HelloRetryRequest mechanism is used.

       Pass a string that specifies configuration details for  ECH.  In  all  cases,  if  ECH  is
       attempted, it may fail for various reasons. The keywords supported are:

       false  Turns off ECH.

       grease Instructs  client  to  emit a GREASE ECH extension. (The connection fails if ECH is
              attempted but fails.)

       true   Instructs client to attempt ECH, if possible, but to not fail if attempting ECH  is
              not possible.

       hard   Instructs client to attempt ECH and fail if attempting ECH is not possible.

       ecl:<base64-value>
              If  the  string  starts  with  ecl:  then  the  remainder of the string should be a
              base64-encoded ECHConfigList that  is  used  for  ECH  rather  than  attempting  to
              download such a value from the DNS.

       pn:<name>
              If  the  string  starts  with  pn:  then  the  remainder  of the string should be a
              DNS/hostname that is used to over-ride the public_name field of  the  ECHConfigList
              that is used for ECH.

DEFAULT

       NULL, meaning ECH is disabled.

PROTOCOLS

       This functionality affects all TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.

       This option works only with the following TLS backends: OpenSSL and wolfSSL

EXAMPLE

       CURL *curl = curl_easy_init();

       const char *config ="ecl:AED+DQA87wAgACB/RuzUCsW3uBbSFI7mzD63TUXpI8sGDTnFTbFCDpa+CAAEAAEAAQANY292ZXIuZGVmby5pZQAA";
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_ECH, config);
         curl_easy_perform(curl);
       }

AVAILABILITY

       Added in curl 8.8.0

RETURN VALUE

       Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_DOH_URL(3)