crypto/tls: use inner hello for earlyData when using QUIC and ECH

I don't think we have good QUIC ECH tests. BoGo has some for this, but I'm not sure how easy it would be to enable those for QUIC. Fixes #76283 Change-Id: I0ffa535fd89a624b7f9bfd73441ce2a1683e0549 Reviewed-on: https://go-review.googlesource.com/c/go/+/720920 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
author: Roland Shoemaker <roland@golang.org> 2025-11-16 16:09:16 -0800
committer: Gopher Robot <gobot@golang.org> 2025-11-21 17:50:12 -0800
commit: 31aa9f800bc8d4089e05b8726b599abe04a486a3 (patch)
tree: a7e7d66dcb1815c986ec3a3f1f250821a25b8ae2 /src/crypto
parent: d68aec8db1bc3c167d2f0e5fdee8c1346ee35418 (diff)
download: go-31aa9f800bc8d4089e05b8726b599abe04a486a3.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 533b8ba31e..47cf88323d 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -308,7 +308,11 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
 	if hello.earlyData {
 		suite := cipherSuiteTLS13ByID(session.cipherSuite)
 		transcript := suite.hash.New()
-		if err := transcriptMsg(hello, transcript); err != nil {
+		transcriptHello := hello
+		if ech != nil {
+			transcriptHello = ech.innerHello
+		}
+		if err := transcriptMsg(transcriptHello, transcript); err != nil {
 			return err
 		}
 		earlyTrafficSecret := earlySecret.ClientEarlyTrafficSecret(transcript)
author	Roland Shoemaker <roland@golang.org>	2025-11-16 16:09:16 -0800
committer	Gopher Robot <gobot@golang.org>	2025-11-21 17:50:12 -0800
commit	31aa9f800bc8d4089e05b8726b599abe04a486a3 (patch)
tree	a7e7d66dcb1815c986ec3a3f1f250821a25b8ae2 /src/crypto
parent	d68aec8db1bc3c167d2f0e5fdee8c1346ee35418 (diff)
download	go-31aa9f800bc8d4089e05b8726b599abe04a486a3.tar.xz