@sayrer
Created August 5, 2022 19:03
A little TLS server using Cloudflare's copy of Go
package main
import (
"crypto/tls"
"encoding/base64"
"flag"
"fmt"
"log"
"net/http"
)
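// main starts a small HTTPS demo server that offers Encrypted Client Hello
// (ECH) through the experimental EXP_* API of Cloudflare's Go fork.
//
// It parses the -addr flag, loads the embedded demo ECH keys, registers a
// handler that answers only "/", and serves TLS 1.3 using the certificate and
// key files named in the ListenAndServeTLS call. Any setup failure is logged
// and the process exits with a non-zero status.
func main() {
	addr := flag.String("addr", ":443", "HTTPS network address")
	// Without Parse the -addr flag is never read and the default is always used.
	flag.Parse()

	// Demo ECH keys for "localhost". The blob is fed to EXP_UnmarshalECHKeys,
	// so it appears to carry the ECH private key alongside the public
	// ECHConfig. It is published in this source, so it provides no
	// confidentiality: use it for local testing only, and load real keys from
	// a protected file or secret store instead of a string constant.
	echKeysB64 := "ACDXBDVq/+iMGNWtGny61W+oYUAvAWLUbrkRd3NK0Xc3nQBA/g0APAAAIAAgMaCCcld+og5XxUZqhPoaNj8VxNBCEj31FCWCgsuk/FcACAABAAEAAQADgAlsb2NhbGhvc3QAAA=="
	rawKeys, err := base64.StdEncoding.DecodeString(echKeysB64)
	if err != nil {
		log.Fatalf("decode error: %v", err)
	}

	keys, err := tls.EXP_UnmarshalECHKeys(rawKeys)
	if err != nil {
		log.Fatalf("unmarshal error: %v", err)
	}

	keySet, err := tls.EXP_NewECHKeySet(keys)
	if err != nil {
		log.Fatalf("error creating key set: %v", err)
	}

	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
		// The "/" pattern matches every path, so reject anything but the root.
		if req.URL.Path != "/" {
			http.NotFound(w, req)
			return
		}
		// Fprint, not Fprintf: the body is a constant, not a format string.
		fmt.Fprint(w, "Proudly served with Go and HTTPS!")
	})

	// NOTE(review): no ReadHeaderTimeout, ReadTimeout, WriteTimeout or
	// IdleTimeout is set, so a slow or idle client can hold a connection open
	// indefinitely. Set them (this needs the time package) before exposing the
	// server beyond local testing.
	srv := &http.Server{
		Addr:    *addr,
		Handler: mux,
		TLSConfig: &tls.Config{
			ECHEnabled:        true,
			ServerECHProvider: keySet,
			// TLS 1.3 only: ECH is an extension to the TLS 1.3 handshake.
			MinVersion: tls.VersionTLS13,
			// Kept from the original. Upstream Go 1.17+ ignores this field,
			// and TLS 1.3 suites are not configurable, so it likely has no
			// effect here; confirm against the fork's base version.
			PreferServerCipherSuites: true,
		},
	}

	log.Printf("Starting server on %s", *addr)
	// ListenAndServeTLS always returns a non-nil error, so Fatal is reached
	// only when the listener fails or the server stops.
	err = srv.ListenAndServeTLS("example.com+5.pem", "example.com+5-key.pem")
	log.Fatal(err)
}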