Advanced TLS
The deeper TLS knobs. ECH, speculative CONNECT, keylogging for Wireshark, and domain fronting. You won't reach for these every day, but when you need them, you really need them.
In this section
- ECH: Encrypted Client Hello. On by default, opt out with
WithDisableECH. - Speculative TLS: pipeline CONNECT and ClientHello, save one RTT on every proxied dial.
- TLS Keylog: dump
SSLKEYLOGFILEfor Wireshark when you need to see what's actually on the wire. - Domain Fronting: when SNI isn't Host, here's how to wire it up.