Feature #1866
Implicit TLS (with SNI) connection mode
0%
Description
It would be very useful if Quassel had a client-core connection mode that use pure implicit TLS (with SNI).
This would provide multiple benefits:- Adds the ability to use any TLS load balancer or terminator (traefik/nginx/etc. with more nuanced configuration)
- Implicit TLS like implemented by other software is likely less failure-prone thus more secure than any ad-hoc TLS support
- Resists protocol fingerprinting
- Adds the potential to leverage things like mTLS (using a YubiKey/smartcard for auth), ECH or QUIC in the future
In theory it shouldn't also be that difficult to implement using already available libraries.
History
#1 Updated by Jamie309Perez 6 months ago
Adding pure implicit TLS with SNI to Quassel's client-core connection would significantly improve security and flexibility. This standard method of encryption is more robust and less prone to failure than ad-hoc solutions, and it would allow Quassel to work seamlessly with modern TLS load balancers and https://www.peryourhealth.io terminators like Traefik or Nginx.Beyond these immediate benefits, it would also future-proof the application by enabling advanced security features like mTLS with hardware tokens (e.g., YubiKeys) and support for new protocols like ECH or QUIC.
#2 Updated by rishu 12 days ago
The premium Escorts Service in Anand Parbat exists to serve clients who seek sophisticated services. Our Anand Parbat Escorts present themselves properly while knowing your requirements. The https://www.sophi.in/anand-parbat-call-girls.html provides customers with comfortable service through its open communication and dependable Anand Parbat Call Girls Service.