From 3496ed3814249e5c59b3a5c725b7536c5df651dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Thu, 7 Nov 2024 14:35:36 +0100 Subject: [PATCH 1/7] Update spec to include changes to the echcheck test --- data-formats/df-006-tlshandshake.md | 7 +++++++ nettests/ts-039-echcheck.md | 12 ++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/data-formats/df-006-tlshandshake.md b/data-formats/df-006-tlshandshake.md index a231d5c9..16e15193 100644 --- a/data-formats/df-006-tlshandshake.md +++ b/data-formats/df-006-tlshandshake.md @@ -32,6 +32,7 @@ code. See this directory's [README](README.md) for the basic concepts. "no_tls_verify": false, "peer_certificates": [], "server_name": "example.com", + "echconfig": "", "t0": 1.001, "t": 1.11, "tags": [], @@ -73,6 +74,12 @@ to verify the server's X.509 certificate. Note that, when this field contains an address rather than a domain name, the corresponding value is not included in the TLS ClientHello as described by [RFC 6066, Section 3](https://datatracker.ietf.org/doc/html/rfc6066#section-3); +- `echconfig`: (`string`; optional): echconfig as defined in [TLS ECH + Spec](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html#name-encrypted-clienthello-confi) +base64 encoded as it would be presented inside of an SVCB HTTPS SvcParam as per +[RFC9460](https://www.rfc-editor.org/rfc/rfc9460.html). In the event that only +[GREASEd ECH](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html#name-grease-psk) is being used, it will contain the string litteral `GREASE`. + - `t0` (`float`): number of seconds elapsed since `measurement_start_time` measured in the moment in which we started the operation (`t - t0` gives you the amount of time spent performing the operation); diff --git a/nettests/ts-039-echcheck.md b/nettests/ts-039-echcheck.md index 042a1191..d0ea904a 100644 --- a/nettests/ts-039-echcheck.md +++ b/nettests/ts-039-echcheck.md @@ -54,15 +54,19 @@ We will include data following these data formats: ```JSON { "test_keys": { - "control": {}, - "target": {} + "tls_handshakes": {}, } } ``` -- `control` : follows the `df-006-tlshandshake` data format +- `tls_handshakes` : (since 0.2.0) follows the `df-006-tlshandshake` data format -- `target` : follows the `df-006-tlshandshake` data format +- `control` : (deprecated since: 0.2.0) follows the `df-006-tlshandshake` data format +- `target` : (deprecated since: 0.2.0) follows the `df-006-tlshandshake` data format + +To distinguish between the tls handshake with ECH or without, you can look at +the `echconfig` field of the `tls_handshakes` list and check if it's empty or +not. ## Possible conclusions From 6f290afb61fc1a21fab185baa73cfc83a0c7bfc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Fri, 8 Nov 2024 14:20:39 +0100 Subject: [PATCH 2/7] Add outer_server_name to TLS spec --- data-formats/df-006-tlshandshake.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data-formats/df-006-tlshandshake.md b/data-formats/df-006-tlshandshake.md index 16e15193..980bf1e6 100644 --- a/data-formats/df-006-tlshandshake.md +++ b/data-formats/df-006-tlshandshake.md @@ -74,6 +74,8 @@ to verify the server's X.509 certificate. Note that, when this field contains an address rather than a domain name, the corresponding value is not included in the TLS ClientHello as described by [RFC 6066, Section 3](https://datatracker.ietf.org/doc/html/rfc6066#section-3); +- `outer_server_name`: (`string`; optional): server name used in the OuterClientHello when [TLS ECH](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html) is being used. When this is set, the `server_name` field indicates the field used inside of the encrypted client hello. + - `echconfig`: (`string`; optional): echconfig as defined in [TLS ECH Spec](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html#name-encrypted-clienthello-confi) base64 encoded as it would be presented inside of an SVCB HTTPS SvcParam as per From c1511c70749edc5d0dbf359aae808de84b952552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Fri, 8 Nov 2024 14:36:36 +0100 Subject: [PATCH 3/7] Update echcheck test specification --- nettests/ts-039-echcheck.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/nettests/ts-039-echcheck.md b/nettests/ts-039-echcheck.md index d0ea904a..eecd4ef6 100644 --- a/nettests/ts-039-echcheck.md +++ b/nettests/ts-039-echcheck.md @@ -29,9 +29,14 @@ the `input`. # Test description Before performing the test, this experiment will resolve the given target URL -and establish a TCP connection. It will then attempt two TLS handshakes - one -with an ECH extension, and another control handshake without an ECH extension -present. +and establish a TCP connection. It will then attempt three TLS handshakes - one +with an ECH extension and the `public_name` (see: [ECH spec](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-6.1-6)) of the `echconfig` for the domain +in the OuterClientHello, secondly ECH with a different `public_name` than that +advertised in the `public_name` field, finally a control handshake without an +ECH extension present. + +The SNI used inside of the OuterClientHello can be distinguished by looking at +the value of `outer_client_hello`. This experiment does not actually encrypt the Client Hello, but instead attempts a GREASE’d (Generate Random Extensions And Sustain Extensibility) ECH From 342bdd53ed86793a9e3fb30124b24ea5505419a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Mon, 11 Nov 2024 10:36:02 +0100 Subject: [PATCH 4/7] Address spec feedback from @Em4E --- data-formats/df-006-tlshandshake.md | 10 +++++++--- nettests/ts-039-echcheck.md | 16 ++++++++-------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/data-formats/df-006-tlshandshake.md b/data-formats/df-006-tlshandshake.md index 980bf1e6..85dab813 100644 --- a/data-formats/df-006-tlshandshake.md +++ b/data-formats/df-006-tlshandshake.md @@ -74,13 +74,17 @@ to verify the server's X.509 certificate. Note that, when this field contains an address rather than a domain name, the corresponding value is not included in the TLS ClientHello as described by [RFC 6066, Section 3](https://datatracker.ietf.org/doc/html/rfc6066#section-3); -- `outer_server_name`: (`string`; optional): server name used in the OuterClientHello when [TLS ECH](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html) is being used. When this is set, the `server_name` field indicates the field used inside of the encrypted client hello. +- `outer_server_name`: (`string`; optional): server name used in the +`ClientHelloOuter` when [TLS ECH](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html) +is being used. When this is set, the `server_name` field indicates the field +used inside of the encrypted client hello. -- `echconfig`: (`string`; optional): echconfig as defined in [TLS ECH +- `echconfig`: (`string`; optional): ECHConfig as defined in [TLS ECH Spec](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html#name-encrypted-clienthello-confi) base64 encoded as it would be presented inside of an SVCB HTTPS SvcParam as per [RFC9460](https://www.rfc-editor.org/rfc/rfc9460.html). In the event that only -[GREASEd ECH](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html#name-grease-psk) is being used, it will contain the string litteral `GREASE`. +[GREASE ECH](https://www.ietf.org/archive/id/draft-ietf-tls-esni-22.html#name-grease-psk) is being used, it will contain the +string literal `GREASE`. - `t0` (`float`): number of seconds elapsed since `measurement_start_time` measured in the moment in which we started the operation (`t - t0` gives you diff --git a/nettests/ts-039-echcheck.md b/nettests/ts-039-echcheck.md index eecd4ef6..c2139b71 100644 --- a/nettests/ts-039-echcheck.md +++ b/nettests/ts-039-echcheck.md @@ -24,25 +24,25 @@ handshake. to connect to (e.g. `google.com`) The default implementation will use the domain `example.org` as -the `input`. +the `input`. # Test description Before performing the test, this experiment will resolve the given target URL and establish a TCP connection. It will then attempt three TLS handshakes - one with an ECH extension and the `public_name` (see: [ECH spec](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-6.1-6)) of the `echconfig` for the domain -in the OuterClientHello, secondly ECH with a different `public_name` than that +in the `ClientHelloOuter`, secondly ECH with a different `public_name` than that advertised in the `public_name` field, finally a control handshake without an ECH extension present. -The SNI used inside of the OuterClientHello can be distinguished by looking at -the value of `outer_client_hello`. +The SNI used inside of the `ClientHelloOuter` can be distinguished by looking at +the value of `outer_server_name`. This experiment does not actually encrypt the Client Hello, but instead -attempts a GREASE’d (Generate Random Extensions And Sustain Extensibility) ECH +attempts a GREASE (Generate Random Extensions And Sustain Extensibility) ECH connection as per [draft-ietf-tls-esni-14](https://datatracker.ietf.org/doc/draft-ietf-tls-esni/). This entails placing mocked ECH extension with random values in the -Client Hello. As passive network observers cannot tell a GREASE’d ECH connection +Client Hello. As passive network observers cannot tell a GREASE ECH connection apart from a regular one, this test helps detect if there is any interference to TLS handshakes that possess this field. @@ -157,14 +157,14 @@ present } ``` -# Privacy considerations +# Privacy considerations This nettest may be less intrusive than other nettests as it encourages connections to URLs that are unlikely to be censored. We are not issuing DNS queries for the sensitive domain and we are not connecting to the sensitive IP address. -# Packet capture considerations +# Packet capture considerations This test does not capture packets by default. From a936a371c92ee1f2a9ca3047d4881d1c949f6be9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Mon, 11 Nov 2024 10:45:05 +0100 Subject: [PATCH 5/7] Mention that targets are hardcoded --- nettests/ts-039-echcheck.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/nettests/ts-039-echcheck.md b/nettests/ts-039-echcheck.md index c2139b71..d2aef67b 100644 --- a/nettests/ts-039-echcheck.md +++ b/nettests/ts-039-echcheck.md @@ -32,8 +32,18 @@ Before performing the test, this experiment will resolve the given target URL and establish a TCP connection. It will then attempt three TLS handshakes - one with an ECH extension and the `public_name` (see: [ECH spec](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-6.1-6)) of the `echconfig` for the domain in the `ClientHelloOuter`, secondly ECH with a different `public_name` than that -advertised in the `public_name` field, finally a control handshake without an -ECH extension present. +advertised in the `public_name` field (`public_name_alt`), finally a control +handshake without an ECH extension present. + +Currently the above values are hardcoded to the following: +* `URL`: https://cloudflare-ech.com/cdn-cgi/trace +* `ClientHelloOuter->public_name`: `cloudflare-ech.com` +* `ClientHelloOuter->public_name_alt`: `cloudflare.com` + +If the input is overriden with a custom URL, we will still use as the +`public_name_alt` the fqdn `cloudflare.com`. + +This behaviour may change in future versions of the test. The SNI used inside of the `ClientHelloOuter` can be distinguished by looking at the value of `outer_server_name`. From 8cea9b5770030a4614a61f8a3fecab501f952af1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Mon, 11 Nov 2024 11:29:46 +0100 Subject: [PATCH 6/7] Add note about residual censorship --- nettests/ts-039-echcheck.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nettests/ts-039-echcheck.md b/nettests/ts-039-echcheck.md index d2aef67b..9f769cc0 100644 --- a/nettests/ts-039-echcheck.md +++ b/nettests/ts-039-echcheck.md @@ -33,7 +33,8 @@ and establish a TCP connection. It will then attempt three TLS handshakes - one with an ECH extension and the `public_name` (see: [ECH spec](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-22#section-6.1-6)) of the `echconfig` for the domain in the `ClientHelloOuter`, secondly ECH with a different `public_name` than that advertised in the `public_name` field (`public_name_alt`), finally a control -handshake without an ECH extension present. +handshake without an ECH extension present. The order of these operations is randomized to account for +residual censorship. Currently the above values are hardcoded to the following: * `URL`: https://cloudflare-ech.com/cdn-cgi/trace From 3f2832f39f3d054a9a3ea3b8222c424368fab6db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Mon, 11 Nov 2024 11:34:15 +0100 Subject: [PATCH 7/7] Update spec version and example report --- nettests/ts-039-echcheck.md | 172 +++++++++++++++++++++++------------- 1 file changed, 109 insertions(+), 63 deletions(-) diff --git a/nettests/ts-039-echcheck.md b/nettests/ts-039-echcheck.md index 9f769cc0..ba85f1f1 100644 --- a/nettests/ts-039-echcheck.md +++ b/nettests/ts-039-echcheck.md @@ -1,6 +1,6 @@ # Specification version number -2022-10-01-001 +2024-11-11-002 * _status_: experimental @@ -95,76 +95,122 @@ present ```JSON { "annotations": { - "architecture": "amd64", + "architecture": "arm64", "engine_name": "ooniprobe-engine", - "engine_version": "3.17.0-alpha", - "platform": "macos" + "engine_version": "3.24.0-alpha", + "go_version": "go1.21.11", + "platform": "macos", + "vcs_modified": "true", + "vcs_revision": "186df09a8fdbb459d47d45d4630e3170247bb25b", + "vcs_time": "2024-11-08T13:18:54Z", + "vcs_tool": "git" }, "data_format_version": "0.2.0", - "input": "https://example.org", - "measurement_start_time": "2022-10-02 14:51:22", - "probe_asn": "AS45609", - "probe_cc": "IN", + "input": "https://cloudflare-ech.com/cdn-cgi/trace", + "measurement_start_time": "2024-11-11 10:28:04", + "probe_asn": "AS30722", + "probe_cc": "IT", "probe_ip": "127.0.0.1", - "probe_network_name": "Bharti Airtel Limited", - "report_id": "20221002T145122Z_echcheck_IN_45609_n1_joXsfBSYhFLCSNW9", - "resolver_asn": "AS9498", - "resolver_ip": "59.144.144.6", - "resolver_network_name": "Bharti Airtel Limited", + "probe_network_name": "Vodafone Italia S.p.A.", + "report_id": "", + "resolver_asn": "AS30722", + "resolver_ip": "91.80.37.88", + "resolver_network_name": "Vodafone Italia S.p.A.", "software_name": "miniooni", - "software_version": "3.17.0-alpha", + "software_version": "3.24.0-alpha", "test_keys": { - "control": { - "address": "93.184.216.34:443", - "cipher_suite": "TLS_AES_256_GCM_SHA384", - "failure": null, - "negotiated_protocol": "h2", - "network": "tcp", - "no_tls_verify": true, - "peer_certificates": [ - { - "data": "MIIHRzCCBi+gAwIBAgIQD6pjEJMHvD1BSJJkDM1NmjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjAzMTQwMDAwMDBaFw0yMzAzMTQyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxQjBABgNVBAoMOUludGVybmV0wqBDb3Jwb3JhdGlvbsKgZm9ywqBBc3NpZ25lZMKgTmFtZXPCoGFuZMKgTnVtYmVyczEYMBYGA1UEAxMPd3d3LmV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV2WY5rlGn1fpwvuBhj0nVBcNxCxkHUG/pJG4HvaJen7YIZ1mLc7/P4snOJZiEfwWFTikHNbcUCcYiKG8JkFebZOYMc1U9PiEtVWGU4kuYuxiXpD8oMPin1B0SgrF7gKfO1//I2weJdAUjgZuXBCPAlhz2EnHddzXUtwm9XuOLO/Y6LATVMsbp8/lXnfo/bX0UgJ7C0aVqOu07A0Vr6OkPxwWmOvF3cRKhVCM7U4B51KK+IsWRLm8cVW1IaXjwhGzW7BR6EI3sxCQ4Wnc6HVPSgmomLWWWkIGFPAwcWUB4NC12yhCO5iW/dxNMWNLMRVtnZAyq6FpZ8wFK6j4OMwMwIDAQABo4ID1TCCA9EwHwYDVR0jBBgwFoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFPcqCdAkWxFx7rq+9D4cPVYSiBa7MIGBBgNVHREEejB4gg93d3cuZXhhbXBsZS5vcmeCC2V4YW1wbGUubmV0ggtleGFtcGxlLmVkdYILZXhhbXBsZS5jb22CC2V4YW1wbGUub3Jngg93d3cuZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmVkdYIPd3d3LmV4YW1wbGUubmV0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcnQwCQYDVR0TBAIwADCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHUA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAF/ip6hdQAABAMARjBEAiAxePNT60Z/vTJTPVryiGzXrLxCNJQqteULkguBEMbG/gIgR3QwvILJIWAUfvSfJQ/zMmqr2JDanWE8uzbC4EWbcwAAdQA1zxkbv7FsV78PrUxtQsu7ticgJlHqP+Eq76gDwzvWTAAAAX+KnqF8AAAEAwBGMEQCIDspTxwkUBpEoeA+IolNYwOKl9Yxmwk816yd0O2IJPZcAiAV8TWhoOLiiqGKnY02CdcGXOzAzC7tT6m7OtLAku2+WAB2ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWaAAABf4qeoYcAAAQDAEcwRQIgKR7qwPLQb6UT2+S7w7uQsbsDZfZVX/g8FkBtAltaTpACIQDLdtedRNGNhuzYpB6gmBBydhtSQi5YZLspFvaVHpeW1zANBgkqhkiG9w0BAQsFAAOCAQEAqp++XZEbreROTsyPB2RENbStOxM/wSnYtKvzQlFJRjvWzx5Bg+ELVy+DaXllB29ZA4xRlIkYED4eXO26PY5PGhSS0yv/1JjLp5MOvLcbk6RCQkbZ5bEaa2gqmy5IqS8dKrDj+CCUVIFQLu7X4CB6ey5n+/rYF6Rb3MoAYu8jr3pY8Hp0DL1NQ/GMAofc464J0vf6NzzSS6sE5UOl0lURDkGHXzio5XpeTEa4tvo/w0vNQDX/4KRxdArBIIvjVEeE1Ri9UZtAXd1CMBLROqVjmq+QCNYb0XELBnGQ666tr7pfx9trHniitNEGI6dj87VD+laMUBd7HBtOEGsiDoRSlA==", - "format": "base64" - }, - { - "data": "MIIEvjCCA6agAwIBAgIQBtjZBNVYQ0b2ii+nVCJ+xDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0yMTA0MTQwMDAwMDBaFw0zMTA0MTMyMzU5NTlaME8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxKTAnBgNVBAMTIERpZ2lDZXJ0IFRMUyBSU0EgU0hBMjU2IDIwMjAgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUuzZUdwvN1PWNvsnO3DZuUfMRNUrUpmRh8sCuxkB+Uu3Ny5CiDt3+PE0J6aqXodgojlEVbbHp9YwlHnLDQNLtKS4VbL8Xlfs7uHyiUDe5pSQWYQYE9XE0nw6Ddng9/n00tnTCJRpt8OmRDtV1F0JuJ9x8piLhMbfyOIJVNvwTRYAIuE//i+p1hJInuWraKImxW8oHzf6VGo1bDtN+I2tIJLYrVJmuzHZ9bjPvXj1hJeRPG/cUJ9WIQDgLGBAfr5yjK7tI4nhyfFK3TUqNaX3sNk+crOU6JWvHgXjkkDKa77SU+kFbnO8lwZV21reacroicgE7XQPUDTITAHk+qZ9QIDAQABo4IBgjCCAX4wEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUt2ui6qiqhIx56rTaD5iyxZV2ufQwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwCwYJYIZIAYb9bAIBMAcGBWeBDAEBMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IBAQCAMs5eC91uWg0Kr+HWhMvAjvqFcO3aXbMM9yt1QP6FCvrzMXi3cEsaiVi6gL3zax3pfs8LulicWdSQ0/1s/dCYbbdxglvPbQtaCdB73sRD2Cqk3p5BJl+7j5nL3a7hqG+fh/50tx8bIKuxT8b1Z11dmzzp/2n3YWzW2fP9NsarA4h20ksudYbj/NhVfSbCEXffPgK2fPOre3qGNm+499iTcc+G33Mw+nur7SpZyEKEOxEXGlLzyQ4UfaJbcme6ce1XR2bFuAJKZTRei9AqPCCcUZlM51Ke92sRKw2Sfh3oius2FkOH6ipjv3U/697EA7sKPPcw7+uvTPyLNhBzPvOk", - "format": "base64" - } - ], - "server_name": "example.org", - "t": 1.155229, - "t0": 0.746678, - "tags": [], - "tls_version": "TLSv1.3" - }, - "target": { - "address": "93.184.216.34:443", - "cipher_suite": "TLS_AES_256_GCM_SHA384", - "failure": null, - "negotiated_protocol": "h2", - "network": "tcp", - "no_tls_verify": true, - "peer_certificates": [ - { - "data": "MIIHRzCCBi+gAwIBAgIQD6pjEJMHvD1BSJJkDM1NmjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjAzMTQwMDAwMDBaFw0yMzAzMTQyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxQjBABgNVBAoMOUludGVybmV0wqBDb3Jwb3JhdGlvbsKgZm9ywqBBc3NpZ25lZMKgTmFtZXPCoGFuZMKgTnVtYmVyczEYMBYGA1UEAxMPd3d3LmV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV2WY5rlGn1fpwvuBhj0nVBcNxCxkHUG/pJG4HvaJen7YIZ1mLc7/P4snOJZiEfwWFTikHNbcUCcYiKG8JkFebZOYMc1U9PiEtVWGU4kuYuxiXpD8oMPin1B0SgrF7gKfO1//I2weJdAUjgZuXBCPAlhz2EnHddzXUtwm9XuOLO/Y6LATVMsbp8/lXnfo/bX0UgJ7C0aVqOu07A0Vr6OkPxwWmOvF3cRKhVCM7U4B51KK+IsWRLm8cVW1IaXjwhGzW7BR6EI3sxCQ4Wnc6HVPSgmomLWWWkIGFPAwcWUB4NC12yhCO5iW/dxNMWNLMRVtnZAyq6FpZ8wFK6j4OMwMwIDAQABo4ID1TCCA9EwHwYDVR0jBBgwFoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFPcqCdAkWxFx7rq+9D4cPVYSiBa7MIGBBgNVHREEejB4gg93d3cuZXhhbXBsZS5vcmeCC2V4YW1wbGUubmV0ggtleGFtcGxlLmVkdYILZXhhbXBsZS5jb22CC2V4YW1wbGUub3Jngg93d3cuZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmVkdYIPd3d3LmV4YW1wbGUubmV0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcnQwCQYDVR0TBAIwADCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHUA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAF/ip6hdQAABAMARjBEAiAxePNT60Z/vTJTPVryiGzXrLxCNJQqteULkguBEMbG/gIgR3QwvILJIWAUfvSfJQ/zMmqr2JDanWE8uzbC4EWbcwAAdQA1zxkbv7FsV78PrUxtQsu7ticgJlHqP+Eq76gDwzvWTAAAAX+KnqF8AAAEAwBGMEQCIDspTxwkUBpEoeA+IolNYwOKl9Yxmwk816yd0O2IJPZcAiAV8TWhoOLiiqGKnY02CdcGXOzAzC7tT6m7OtLAku2+WAB2ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWaAAABf4qeoYcAAAQDAEcwRQIgKR7qwPLQb6UT2+S7w7uQsbsDZfZVX/g8FkBtAltaTpACIQDLdtedRNGNhuzYpB6gmBBydhtSQi5YZLspFvaVHpeW1zANBgkqhkiG9w0BAQsFAAOCAQEAqp++XZEbreROTsyPB2RENbStOxM/wSnYtKvzQlFJRjvWzx5Bg+ELVy+DaXllB29ZA4xRlIkYED4eXO26PY5PGhSS0yv/1JjLp5MOvLcbk6RCQkbZ5bEaa2gqmy5IqS8dKrDj+CCUVIFQLu7X4CB6ey5n+/rYF6Rb3MoAYu8jr3pY8Hp0DL1NQ/GMAofc464J0vf6NzzSS6sE5UOl0lURDkGHXzio5XpeTEa4tvo/w0vNQDX/4KRxdArBIIvjVEeE1Ri9UZtAXd1CMBLROqVjmq+QCNYb0XELBnGQ666tr7pfx9trHniitNEGI6dj87VD+laMUBd7HBtOEGsiDoRSlA==", - "format": "base64" - }, - { - "data": "MIIEvjCCA6agAwIBAgIQBtjZBNVYQ0b2ii+nVCJ+xDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0yMTA0MTQwMDAwMDBaFw0zMTA0MTMyMzU5NTlaME8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxKTAnBgNVBAMTIERpZ2lDZXJ0IFRMUyBSU0EgU0hBMjU2IDIwMjAgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUuzZUdwvN1PWNvsnO3DZuUfMRNUrUpmRh8sCuxkB+Uu3Ny5CiDt3+PE0J6aqXodgojlEVbbHp9YwlHnLDQNLtKS4VbL8Xlfs7uHyiUDe5pSQWYQYE9XE0nw6Ddng9/n00tnTCJRpt8OmRDtV1F0JuJ9x8piLhMbfyOIJVNvwTRYAIuE//i+p1hJInuWraKImxW8oHzf6VGo1bDtN+I2tIJLYrVJmuzHZ9bjPvXj1hJeRPG/cUJ9WIQDgLGBAfr5yjK7tI4nhyfFK3TUqNaX3sNk+crOU6JWvHgXjkkDKa77SU+kFbnO8lwZV21reacroicgE7XQPUDTITAHk+qZ9QIDAQABo4IBgjCCAX4wEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUt2ui6qiqhIx56rTaD5iyxZV2ufQwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwCwYJYIZIAYb9bAIBMAcGBWeBDAEBMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IBAQCAMs5eC91uWg0Kr+HWhMvAjvqFcO3aXbMM9yt1QP6FCvrzMXi3cEsaiVi6gL3zax3pfs8LulicWdSQ0/1s/dCYbbdxglvPbQtaCdB73sRD2Cqk3p5BJl+7j5nL3a7hqG+fh/50tx8bIKuxT8b1Z11dmzzp/2n3YWzW2fP9NsarA4h20ksudYbj/NhVfSbCEXffPgK2fPOre3qGNm+499iTcc+G33Mw+nur7SpZyEKEOxEXGlLzyQ4UfaJbcme6ce1XR2bFuAJKZTRei9AqPCCcUZlM51Ke92sRKw2Sfh3oius2FkOH6ipjv3U/697EA7sKPPcw7+uvTPyLNhBzPvOk", - "format": "base64" - } - ], - "server_name": "example.org", - "t": 1.462465, - "t0": 1.159156, - "tags": [], - "tls_version": "TLSv1.3" - } + "tls_handshakes": [ + { + "address": "104.18.10.118:443", + "cipher_suite": "TLS_AES_128_GCM_SHA256", + "failure": null, + "negotiated_protocol": "h2", + "network": "tcp", + "no_tls_verify": true, + "peer_certificates": [ + { + "data": "MIIDujCCA2CgAwIBAgIRAPBDTLHoCzLmE2ouZzdmwOwwCgYIKoZIzj0EAwIwOzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczEMMAoGA1UEAxMDV0UxMB4XDTI0MTAzMDIxMjEzMloXDTI1MDEyODIxMjEzMVowHTEbMBkGA1UEAxMSY2xvdWRmbGFyZS1lY2guY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECOArZgHHhZwFdngJKHh3PbDTKr2UbgEN407X9NgzHzSc+ffnJm0fASWgmwxfuLPXuaMHlpXcLb3tJm7ShveaRaOCAmEwggJdMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRi02JIT/pmFp5aTCJGDebmX0LS1jAfBgNVHSMEGDAWgBSQd5I1Z8T/qMyp5nvZgHl7zJP5ODBeBggrBgEFBQcBAQRSMFAwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vLnBraS5nb29nL3Mvd2UxLzhFTTAlBggrBgEFBQcwAoYZaHR0cDovL2kucGtpLmdvb2cvd2UxLmNydDAzBgNVHREELDAqghJjbG91ZGZsYXJlLWVjaC5jb22CFCouY2xvdWRmbGFyZS1lY2guY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jLnBraS5nb29nL3dlMS9aa2p6VVhLQ1V3VS5jcmwwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZLfhRAzAAAEAwBGMEQCIC4T9fxUhEiWfJ5+ltmzbw0Qi9Dtyvq8jO2xWptlGod8AiA9hSlQodL8y7VuqMzgwmDHthXgt1nsm6vBwCaxVI9HhQB3AMz7D2qFcQll/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAABkt+FEEAAAAQDAEgwRgIhAPqj7desNvIBunxRqb+Etres3D7rlCGX7nwtQ8XQUAPuAiEAlPGz6wihPtu1dkEs1ImdrzktfrGza60fY96tbaq/9jcwCgYIKoZIzj0EAwIDSAAwRQIgaL43R1neNgT8Jz7/nwt7rLWGZIODr4Gk44E1zFVk4OsCIQDvXu068bjKopUlxv22WnwchsKG9fbVIZnJLLGAQ8VhMw==", + "format": "base64" + }, + { + "data": "MIICnzCCAiWgAwIBAgIQf/MZd5csIkp2FV0TttaF4zAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYDVQQDEwNXRTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARvzTr+Z1dHTCEDhUDCR127WEcPQMFcF4XGGTfn1XzthkubgdnXGhOlCgP4mMTG6J7/EFmPLCaY9eYmJbsPAvpWo4H+MIH7MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUkHeSNWfE/6jMqeZ72YB5e8yT+TgwHwYDVR0jBBgwFoAUgEzW63T/STaj1dj8tT7FavCUHYwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAChhhodHRwOi8vaS5wa2kuZ29vZy9yNC5jcnQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2MucGtpLmdvb2cvci9yNC5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaAAwZQIxAOcCq1HW90OVznX+0RGU1cxAQXomvtgM8zItPZCuFQ8jSBJSjz5keROv9aYsAm5VsQIwJonMaAFi54mrfhfoFNZEfuNMSQ6/bIBiNLiyoX46FohQvKeIoJ99cx7sUkFN7uJW", + "format": "base64" + }, + { + "data": "MIIDejCCAmKgAwIBAgIQf+UwvzMTQ77dghYQST2KGzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIzMTExNTAzNDMyMVoXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8FhzubeRr1r1WEYNa5A3XP3iZEwWus87oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019eWIZlD6GEZQbR3IvJx3PIjGov5cSr0R2Ko4H/MIH8MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgEzW63T/STaj1dj8tT7FavCUHYwwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vaS5wa2kuZ29vZy9nc3IxLmNydDAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vYy5wa2kuZ29vZy9yL2dzcjEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQAYQrsPBtYDh5bjP2OBDwmkoWhIDDkic574y04tfzHpn+cJodI2D4SseesQ6bDrarZ7C30ddLibZatoKiws3UL9xnELz4ct92vID24FfVbiI1hY+SW6FoVHkNeWIP0GCbaM4C6uVdF5dTUsMVs/ZbzNnIdCp5Gxmx5ejvEau8otR/CskGN+hr/W5GvT1tMBjgWKZ1i4//emhA1JG1BbPzoLJQvyEotc03lXjTaCzv8mEbep8RqZ7a2CPsgRbuvTPBwcOMBBmuFeU88+FSBX6+7iP0il8b4Z0QFqIwwMHfs/L6K1vepuoxtGzi4CZ68zJpiq1UvSqTbFJjtbD4seiMHl", + "format": "base64" + } + ], + "server_name": "cloudflare-ech.com", + "t": 0.098567, + "t0": 0.076615, + "tags": [], + "tls_version": "TLSv1.3" + }, + { + "address": "104.18.10.118:443", + "cipher_suite": "TLS_AES_128_GCM_SHA256", + "echconfig": "GREASE", + "failure": null, + "negotiated_protocol": "h2", + "network": "tcp", + "no_tls_verify": true, + "outer_server_name": "cloudflare-ech.com", + "peer_certificates": [ + { + "data": "MIIDujCCA2CgAwIBAgIRAPBDTLHoCzLmE2ouZzdmwOwwCgYIKoZIzj0EAwIwOzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczEMMAoGA1UEAxMDV0UxMB4XDTI0MTAzMDIxMjEzMloXDTI1MDEyODIxMjEzMVowHTEbMBkGA1UEAxMSY2xvdWRmbGFyZS1lY2guY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECOArZgHHhZwFdngJKHh3PbDTKr2UbgEN407X9NgzHzSc+ffnJm0fASWgmwxfuLPXuaMHlpXcLb3tJm7ShveaRaOCAmEwggJdMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRi02JIT/pmFp5aTCJGDebmX0LS1jAfBgNVHSMEGDAWgBSQd5I1Z8T/qMyp5nvZgHl7zJP5ODBeBggrBgEFBQcBAQRSMFAwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vLnBraS5nb29nL3Mvd2UxLzhFTTAlBggrBgEFBQcwAoYZaHR0cDovL2kucGtpLmdvb2cvd2UxLmNydDAzBgNVHREELDAqghJjbG91ZGZsYXJlLWVjaC5jb22CFCouY2xvdWRmbGFyZS1lY2guY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jLnBraS5nb29nL3dlMS9aa2p6VVhLQ1V3VS5jcmwwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZLfhRAzAAAEAwBGMEQCIC4T9fxUhEiWfJ5+ltmzbw0Qi9Dtyvq8jO2xWptlGod8AiA9hSlQodL8y7VuqMzgwmDHthXgt1nsm6vBwCaxVI9HhQB3AMz7D2qFcQll/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAABkt+FEEAAAAQDAEgwRgIhAPqj7desNvIBunxRqb+Etres3D7rlCGX7nwtQ8XQUAPuAiEAlPGz6wihPtu1dkEs1ImdrzktfrGza60fY96tbaq/9jcwCgYIKoZIzj0EAwIDSAAwRQIgaL43R1neNgT8Jz7/nwt7rLWGZIODr4Gk44E1zFVk4OsCIQDvXu068bjKopUlxv22WnwchsKG9fbVIZnJLLGAQ8VhMw==", + "format": "base64" + }, + { + "data": "MIICnzCCAiWgAwIBAgIQf/MZd5csIkp2FV0TttaF4zAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYDVQQDEwNXRTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARvzTr+Z1dHTCEDhUDCR127WEcPQMFcF4XGGTfn1XzthkubgdnXGhOlCgP4mMTG6J7/EFmPLCaY9eYmJbsPAvpWo4H+MIH7MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUkHeSNWfE/6jMqeZ72YB5e8yT+TgwHwYDVR0jBBgwFoAUgEzW63T/STaj1dj8tT7FavCUHYwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAChhhodHRwOi8vaS5wa2kuZ29vZy9yNC5jcnQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2MucGtpLmdvb2cvci9yNC5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaAAwZQIxAOcCq1HW90OVznX+0RGU1cxAQXomvtgM8zItPZCuFQ8jSBJSjz5keROv9aYsAm5VsQIwJonMaAFi54mrfhfoFNZEfuNMSQ6/bIBiNLiyoX46FohQvKeIoJ99cx7sUkFN7uJW", + "format": "base64" + }, + { + "data": "MIIDejCCAmKgAwIBAgIQf+UwvzMTQ77dghYQST2KGzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIzMTExNTAzNDMyMVoXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8FhzubeRr1r1WEYNa5A3XP3iZEwWus87oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019eWIZlD6GEZQbR3IvJx3PIjGov5cSr0R2Ko4H/MIH8MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgEzW63T/STaj1dj8tT7FavCUHYwwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vaS5wa2kuZ29vZy9nc3IxLmNydDAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vYy5wa2kuZ29vZy9yL2dzcjEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQAYQrsPBtYDh5bjP2OBDwmkoWhIDDkic574y04tfzHpn+cJodI2D4SseesQ6bDrarZ7C30ddLibZatoKiws3UL9xnELz4ct92vID24FfVbiI1hY+SW6FoVHkNeWIP0GCbaM4C6uVdF5dTUsMVs/ZbzNnIdCp5Gxmx5ejvEau8otR/CskGN+hr/W5GvT1tMBjgWKZ1i4//emhA1JG1BbPzoLJQvyEotc03lXjTaCzv8mEbep8RqZ7a2CPsgRbuvTPBwcOMBBmuFeU88+FSBX6+7iP0il8b4Z0QFqIwwMHfs/L6K1vepuoxtGzi4CZ68zJpiq1UvSqTbFJjtbD4seiMHl", + "format": "base64" + } + ], + "server_name": "cloudflare-ech.com", + "t": 0.123876, + "t0": 0.096614, + "tags": [], + "tls_version": "TLSv1.3" + }, + { + "address": "104.18.10.118:443", + "cipher_suite": "TLS_AES_128_GCM_SHA256", + "echconfig": "GREASE", + "failure": null, + "negotiated_protocol": "h2", + "network": "tcp", + "no_tls_verify": true, + "outer_server_name": "cloudflare.com", + "peer_certificates": [ + { + "data": "MIID6TCCA5CgAwIBAgIQFtGszwHTzwQT+KtePBiG1jAKBggqhkjOPQQDAjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYDVQQDEwNXRTEwHhcNMjQxMDEwMjMxNjM0WhcNMjUwMTA5MDAxNjMxWjAZMRcwFQYDVQQDEw5jbG91ZGZsYXJlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKeNXimrMJ319no17HrtqFFttI39bXomgPdJUEW0DiWGmQ0Z6HsqlD36i+EpGG5CyCncxp24KGQrvYlHO6ozJMujggKWMIICkjAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU99As+ZH4M51+yV9dSLrY5kSZnOAwHwYDVR0jBBgwFoAUkHeSNWfE/6jMqeZ72YB5e8yT+TgwXgYIKwYBBQUHAQEEUjBQMCcGCCsGAQUFBzABhhtodHRwOi8vby5wa2kuZ29vZy9zL3dlMS9GdEUwJQYIKwYBBQUHMAKGGWh0dHA6Ly9pLnBraS5nb29nL3dlMS5jcnQwaQYDVR0RBGIwYIIOY2xvdWRmbGFyZS5jb22CEmNwMi5jbG91ZGZsYXJlLmNvbYISY3AzLmNsb3VkZmxhcmUuY29tghJjcDQuY2xvdWRmbGFyZS5jb22CEmNwNS5jbG91ZGZsYXJlLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vYy5wa2kuZ29vZy93ZTEvVFFSUml0TlFaYTguY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUAzxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGSeO8yzAAABAMARjBEAiBvfQJrts8okqXkL2+tyb+Yn3uFkPgwSDHy1AsgksXYRwIgMEhDZTb6y9awS0g/IZ644TE+RECM0JEFqgVgSAXvCJ8AdgCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAZJ47zKoAAAEAwBHMEUCIQDlgD4pa8FhXSmp/nK+shcuF9BavcPv+SK8YU6ncLswKQIgOnKg/xKZk8IMFFZm2w4O1CIaKSyTUZCX8V/dJVZWITMwCgYIKoZIzj0EAwIDRwAwRAIgYjquzQb6fiu1KfnHgJd8hLmW65P8QYje4FXU91cT5/ACIA/0fG/gb//HRc8jE/jD2L0qe4F1JKAMjlg/Vf8NOCV8", + "format": "base64" + }, + { + "data": "MIICnzCCAiWgAwIBAgIQf/MZd5csIkp2FV0TttaF4zAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYDVQQDEwNXRTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARvzTr+Z1dHTCEDhUDCR127WEcPQMFcF4XGGTfn1XzthkubgdnXGhOlCgP4mMTG6J7/EFmPLCaY9eYmJbsPAvpWo4H+MIH7MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUkHeSNWfE/6jMqeZ72YB5e8yT+TgwHwYDVR0jBBgwFoAUgEzW63T/STaj1dj8tT7FavCUHYwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAChhhodHRwOi8vaS5wa2kuZ29vZy9yNC5jcnQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2MucGtpLmdvb2cvci9yNC5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaAAwZQIxAOcCq1HW90OVznX+0RGU1cxAQXomvtgM8zItPZCuFQ8jSBJSjz5keROv9aYsAm5VsQIwJonMaAFi54mrfhfoFNZEfuNMSQ6/bIBiNLiyoX46FohQvKeIoJ99cx7sUkFN7uJW", + "format": "base64" + }, + { + "data": "MIIDejCCAmKgAwIBAgIQf+UwvzMTQ77dghYQST2KGzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIzMTExNTAzNDMyMVoXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8FhzubeRr1r1WEYNa5A3XP3iZEwWus87oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019eWIZlD6GEZQbR3IvJx3PIjGov5cSr0R2Ko4H/MIH8MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgEzW63T/STaj1dj8tT7FavCUHYwwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vaS5wa2kuZ29vZy9nc3IxLmNydDAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vYy5wa2kuZ29vZy9yL2dzcjEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQAYQrsPBtYDh5bjP2OBDwmkoWhIDDkic574y04tfzHpn+cJodI2D4SseesQ6bDrarZ7C30ddLibZatoKiws3UL9xnELz4ct92vID24FfVbiI1hY+SW6FoVHkNeWIP0GCbaM4C6uVdF5dTUsMVs/ZbzNnIdCp5Gxmx5ejvEau8otR/CskGN+hr/W5GvT1tMBjgWKZ1i4//emhA1JG1BbPzoLJQvyEotc03lXjTaCzv8mEbep8RqZ7a2CPsgRbuvTPBwcOMBBmuFeU88+FSBX6+7iP0il8b4Z0QFqIwwMHfs/L6K1vepuoxtGzi4CZ68zJpiq1UvSqTbFJjtbD4seiMHl", + "format": "base64" + } + ], + "server_name": "cloudflare-ech.com", + "t": 0.139085, + "t0": 0.11582, + "tags": [], + "tls_version": "TLSv1.3" + } + ] }, "test_name": "echcheck", - "test_runtime": 1.4624715, - "test_start_time": "2022-10-02 14:51:21", - "test_version": "0.1.0" + "test_runtime": 0.139121083, + "test_start_time": "2024-11-11 10:28:04", + "test_version": "0.2.0" } ```