Encrypted Client Hello
Encrypted Client Hello encrypts the TLS ClientHello message, including the sensitive Server Name Indication extension, shielding your browsing destination from ISPs, censors and eavesdroppers.
Published on Feb 16, 2026
Introduction
Server Name Indication (SNI) is a TLS extension that lets clients specify the target domain name during handshakes, enabling servers to host multiple sites behind the same IP address. It exists to support virtual hosting but exposes the domain in plaintext, allowing network intermediaries like ISPs to track visited sites and enabling censorship via SNI blocking.
Encrypted Client Hello (ECH) fixes this by encrypting the SNI and full ClientHello, boosting privacy against snooping and SNI blocking.
SNI
Server Name Indication (SNI) is a critical TLS extension introduced in RFC 6066 to enable virtual hosting on shared IP addresses. During the TLS handshake, the client includes the SNI field in plaintext within the ClientHello message, specifying the target hostname so the server can select the correct certificate, or so an L4 proxy can route the connection to the right backend.
The design solved the multi-domain hosting problem and mitigated some of the IPv4 exhaustion problems, but at the cost of privacy: anyone monitoring network traffic, such as your ISP at home, can read the SNI and infer browsing activity even though the HTTP traffic itself is encrypted. Plaintext SNI also enables passive surveillance and active interference, such as selective blocking of specific domains without disrupting other traffic.
While SNI remains ubiquitous across browsers and servers, its plaintext exposure has fueled the push for encryption solutions like the discontinued ESNI and the current ECH implemented by projects like Caddy and Cloudflare.
ECH
Encrypted Client Hello (ECH) is a TLS 1.3 extension introduced in RFC 9849 (still a draft as of publication). It encrypts the entire ClientHello message, except for minimal public information such as cipher suites and supported versions, using Hybrid Public Key Encryption (HPKE). HPKE is a modern standard for generic hybrid encryption that is also used by the experimental Oblivious DNS over HTTPS (ODoH) standard.
The process splits the ClientHello into an “inner” version carrying the true SNI, which is encrypted, and an “outer” decoy version carrying a plaintext public SNI used only for routing. Clients fetch the server's public key via DNS (the ECHConfig), encrypt the inner ClientHello, padded to a uniform length, and encapsulate it inside the outer ClientHello, whose public decoy SNI gets the connection to the right front-end.
ECH evolved from the experimental ESNI protocol, adding post-handshake acceptance signals to prevent downgrade attacks while preserving backward compatibility. Major providers that have implemented and started using ECH include Cloudflare, Fastly, Amazon and Akamai; with their vast CDN platforms they enable ECH for a large selection of websites with little effort. NGINX, Apache httpd and HAProxy have added experimental support, making the rollout more accessible for websites not hosted on a major CDN. Caddy has by far the easiest ECH support because its built-in automated certificate requester and DNS manager handle key rollover without any manual steps.
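To see what the ECHConfig fetched via DNS actually carries, here is an added Python example (not code from this article or from any of the projects it names) that decodes the base64 ech= value of an HTTPS record into its config ID, HPKE KEM, public key, cipher suites, padding hint and public name, and builds a constructed sample to run against; the key bytes and the public name ech.example are made-up placeholders.

```python
import base64
import struct
# HPKE identifiers from RFC 9180 (the subset usually seen in ECH configs)
KEM = {0x0010: "DHKEM(P-256, HKDF-SHA256)", 0x0020: "DHKEM(X25519, HKDF-SHA256)"}
KDF = {0x0001: "HKDF-SHA256", 0x0002: "HKDF-SHA384", 0x0003: "HKDF-SHA512"}
AEAD = {0x0001: "AES-128-GCM", 0x0002: "AES-256-GCM", 0x0003: "ChaCha20Poly1305"}
ECH_VERSION = 0xFE0D  # ECHConfig version used by current clients and CDNs
def _vec(buf, pos, len_size):
    """Read a TLS length-prefixed vector at pos; return (bytes, position after it)."""
    n = int.from_bytes(buf[pos:pos + len_size], "big")
    pos += len_size
    if pos + n > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + n], pos + n

def parse_ech_config_list(b64):
    """Decode the base64 'ech=' SvcParam of an HTTPS record into a list of dicts."""
    raw = base64.b64decode(b64)
    lst, end = _vec(raw, 0, 2)
    if end != len(raw):
        raise ValueError("trailing bytes after ECHConfigList")
    configs, pos = [], 0
    while pos < len(lst):
        version = int.from_bytes(lst[pos:pos + 2], "big")
        contents, pos = _vec(lst, pos + 2, 2)
        if version != ECH_VERSION:  # clients ignore configs of unknown versions
            continue
        c = {"config_id": contents[0],
             "kem": KEM.get(int.from_bytes(contents[1:3], "big"), "unknown")}
        c["public_key"], p = _vec(contents, 3, 2)  # HPKE key; private half stays on
        suites, p = _vec(contents, p, 2)           # the server behind public_name
        c["cipher_suites"] = [(KDF.get(int.from_bytes(suites[i:i + 2], "big"), "?"),
                               AEAD.get(int.from_bytes(suites[i + 2:i + 4], "big"), "?"))
                              for i in range(0, len(suites), 4)]
        c["maximum_name_length"] = contents[p]  # padding hint for the inner SNI
        name, p = _vec(contents, p + 1, 1)
        c["public_name"] = name.decode("ascii")  # decoy SNI sent in the outer hello
        c["extensions"], p = _vec(contents, p, 2)
        configs.append(c)
    return configs

def build_ech_config(config_id, public_key, public_name):
    """Constructed sample encoder: X25519, HKDF-SHA256 + AES-128-GCM, no extensions."""
    contents = (struct.pack("!BHH", config_id, 0x0020, len(public_key)) + public_key
                + struct.pack("!HHH", 4, 0x0001, 0x0001)  # one cipher suite
                + struct.pack("!BB", 0, len(public_name)) + public_name.encode("ascii")
                + struct.pack("!H", 0))  # maximum_name_length 0, no extensions
    cfg = struct.pack("!HH", ECH_VERSION, len(contents)) + contents
    return base64.b64encode(struct.pack("!H", len(cfg)) + cfg).decode()
SAMPLE_ECH = build_ech_config(7, bytes(range(32)), "ech.example")  # constructed key
```

Feeding the ech= value from your own zone's HTTPS record into parse_ech_config_list is a quick way to confirm that the advertised public_name and KEM are what you expect after a key rollover.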
Encrypted DNS
Encrypted DNS encrypts domain name resolution, preventing ISPs from logging or blocking sites via the plaintext DNS queries that precede the TLS handshake. Combined with ECH, which hides the destination domain in the TLS handshake, it nullifies most advanced privacy invasion and censorship measures.
Key protocols: DNS over TLS (DoT), DNS over HTTPS (DoH) and DNSCrypt.
Public resolvers including Cloudflare, Google, Quad9 and OpenDNS support both DoT and DoH; the latter two (Quad9 and OpenDNS) also support the more niche DNSCrypt.
The public resolvers from dnscry.pt are highly recommended: they offer a wide selection of locations, support DoT, DoH and DNSCrypt, have excellent IPv6 support and do zero query logging.
Privacy and Security
ECH significantly boosts privacy by encrypting the SNI and the rest of the ClientHello, preventing ISPs and other adversaries from censoring, profiling and monopolizing your Internet usage. Your browsing becomes more anonymized, especially because a large number of websites sit behind CDNs like Cloudflare, so the IP address and decoy outer SNI an observer sees are shared by a diverse blend of sites.
Paired with encrypted DNS, ECH delivers end-to-end protection of the destination name, leaving observers with just IP addresses and the decoy “outer” SNI, and rendering surveillance and both traditional and modern deep packet inspection (DPI) obsolete.
Conclusion
ECH marks a pivotal point in TLS privacy. Combined with encrypted DNS, avoiding mass surveillance and censorship has become easier, without the need for military grade encrypted VPNs ;)