ciphers given significance, as it is the only attribute used on both sides
diff --git a/include/picotls.h b/include/picotls.h
index 118549b..5b1894b 100644
--- a/include/picotls.h
+++ b/include/picotls.h
@@ -754,11 +754,20 @@
size_t count;
} certificates;
/**
- * list of ECH kems, cipher-suites supported; or set to NULL to disable ECH
+ * ECH
*/
struct {
- ptls_hpke_kem_t **kems;
+ /**
+ * list of HPKE symmetric cipher-suites (set to NULL to disable ECH altogether)
+ */
ptls_hpke_cipher_suite_t **ciphers;
+ /**
+ * client-only: KEMs being supported
+ */
+ ptls_hpke_kem_t **kems;
+ /**
+ * server-only: callback that does ECDH key exchange and returns the AEAD context
+ */
ptls_ech_create_opener_t *create_opener;
} ech;
/**
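Review bot: Swapping `kems` and `ciphers` inside the `ech` struct silently changes the meaning of every positional initializer. Both members are pointer-to-pointer, so an out-of-tree `{kems, ciphers, opener}` initializer may still build with only an incompatible-pointer-type warning and hand the wrong table to the ECH code. The initializers updated in the t/cli.c and t/openssl.c hunks are still positional; naming the members, e.g. in t/openssl.c `.ech = {.ciphers = ptls_openssl_hpke_cipher_suites, .kems = ptls_openssl_hpke_kems, .create_opener = &ech_create_opener}`, would protect them against any further reordering. The bare `ECH` comment could carry the same advice, for example `ECH (Encrypted Client Hello) settings; initialize by member name, the field order has changed`. The enclosing context struct starts and ends outside this hunk.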
diff --git a/t/cli.c b/t/cli.c
index e9fd933..4d441ce 100644
--- a/t/cli.c
+++ b/t/cli.c
@@ -489,7 +489,7 @@
.get_time = &ptls_get_time,
.key_exchanges = key_exchanges,
.cipher_suites = cipher_suites,
- .ech = {ptls_openssl_hpke_kems, ptls_openssl_hpke_cipher_suites, NULL /* activated by -K option */},
+ .ech = {ptls_openssl_hpke_cipher_suites, ptls_openssl_hpke_kems, NULL /* activated by -K option */},
};
ptls_handshake_properties_t hsprop = {{{{NULL}}}};
const char *host, *port, *input_file = NULL;
diff --git a/t/openssl.c b/t/openssl.c
index 981bc20..97e3dcf 100644
--- a/t/openssl.c
+++ b/t/openssl.c
@@ -390,7 +390,7 @@
.cipher_suites = ptls_openssl_cipher_suites,
.tls12_cipher_suites = ptls_openssl_tls12_cipher_suites,
.certificates = {&cert, 1},
- .ech = {ptls_openssl_hpke_kems, ptls_openssl_hpke_cipher_suites, &ech_create_opener},
+ .ech = {ptls_openssl_hpke_cipher_suites, ptls_openssl_hpke_kems, &ech_create_opener},
.sign_certificate = &openssl_sign_certificate.super};
assert(openssl_ctx.cipher_suites[0]->hash->digest_size == 48); /* sha384 */
ptls_context_t openssl_ctx_sha256only = openssl_ctx;
diff --git a/t/picotls.c b/t/picotls.c
index d89fe63..9e37996 100644
--- a/t/picotls.c
+++ b/t/picotls.c
@@ -669,7 +669,7 @@
static int can_ech(ptls_context_t *ctx, int is_server)
{
- if (ctx->ech.kems == NULL || ctx->ech.ciphers == NULL)
+ if (ctx->ech.ciphers == NULL)
return 0;
if (is_server && ctx->ech.create_opener == NULL)
return 0;
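Review bot: With the `kems` test dropped, `can_ech(ctx, 0)` now returns true for a client whose `ech.ciphers` is set but whose `ech.kems` is NULL, even though the header documents `kems` as the client's list of supported KEMs. Whether the library tolerates a NULL `kems` on the client side is not visible in this diff, so the helper should keep a client-only guard: `if (!is_server && ctx->ech.kems == NULL) return 0;`. That stops the "ech" subtest from running against a context that has no KEM to select. The body of `can_ech` continues past the end of this hunk.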
@@ -1577,15 +1577,15 @@
}
struct {
- ptls_hpke_kem_t **server, **client;
- } orig_ech_kems = {ctx_peer->ech.kems, ctx->ech.kems};
+ ptls_hpke_cipher_suite_t **server, **client;
+ } orig_ech_ciphers = {ctx_peer->ech.ciphers, ctx->ech.ciphers};
/* first run tests wo. ECH */
- ctx_peer->ech.kems = NULL;
- ctx->ech.kems = NULL;
+ ctx_peer->ech.ciphers = NULL;
+ ctx->ech.ciphers = NULL;
subtest("no-ech", test_all_handshakes_core);
- ctx_peer->ech.kems = orig_ech_kems.server;
- ctx->ech.kems = orig_ech_kems.client;
+ ctx_peer->ech.ciphers = orig_ech_ciphers.server;
+ ctx->ech.ciphers = orig_ech_ciphers.client;
if (can_ech(ctx_peer, 1) && can_ech(ctx, 0))
subtest("ech", test_all_handshakes_core);