Encrypted Client Hello (ECH) has been finalized as RFC 9849 after eight years of development, with major browsers already supporting it. ECH encrypts the TLS handshake to prevent network observers from identifying destination domains. Server-side adoption is still early — Cloudflare supports it, OpenSSL 4.0 just added support, and Nginx 1.30.0 includes it. Key challenges remain: governments and enterprises can still block ECH by detecting the static outer domain name used during handshakes, and obtaining ECH bootstrapping configuration via DNS is difficult in censored environments where plaintext DNS can be forged and DNS-over-HTTPS is blocked. The path to effective privacy requires both technical fixes to the stale-config problem and sufficient ecosystem adoption to achieve safety in numbers.
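As an added illustration of the blocking point above (this parser is not part of the newsletter or of any project it mentions): the "static outer domain name" an observer sees is the `public_name` field of the ECHConfigList that clients fetch from DNS, so decoding that structure shows exactly which cleartext name a given configuration exposes. The layout follows the version 0xfe0d ECHConfig encoding; the sample ECHConfigList, its key bytes and the name `ech.example` are constructed.

```python
import struct
ECH_VERSION = 0xFE0D  # ECHConfig version used by current browser and server deployments

def _vec(buf, pos, len_size):
    """Read a TLS vector with a 1- or 2-byte length prefix; return (body, next_pos)."""
    if pos + len_size > len(buf):
        raise ValueError("truncated length prefix")
    n = int.from_bytes(buf[pos:pos + len_size], "big")
    pos += len_size
    if pos + n > len(buf):
        raise ValueError("truncated vector body")
    return buf[pos:pos + n], pos + n

def parse_ech_config_list(data):
    """Parse an ECHConfigList (the ech= SvcParam value of a DNS HTTPS record)."""
    body, _ = _vec(data, 0, 2)
    configs, pos = [], 0
    while pos < len(body):
        version = int.from_bytes(body[pos:pos + 2], "big")
        contents, pos = _vec(body, pos + 2, 2)
        if version != ECH_VERSION:
            continue  # clients skip versions they do not understand
        public_key, p = _vec(contents, 3, 2)       # contents[0]=config_id, [1:3]=kem_id
        suites_raw, p = _vec(contents, p, 2)
        public_name, q = _vec(contents, p + 1, 1)  # contents[p] is maximum_name_length
        extensions, _ = _vec(contents, q, 2)
        configs.append({
            "config_id": contents[0],
            "kem_id": int.from_bytes(contents[1:3], "big"),
            "public_key": public_key,
            "cipher_suites": [struct.unpack("!HH", suites_raw[i:i + 4])
                              for i in range(0, len(suites_raw), 4)],
            "public_name": public_name.decode("ascii"),  # sent in cleartext as the outer SNI
            "extensions": extensions,
        })
    return configs

def outer_names(data):  # the cleartext outer SNI values an observer sees for this list
    return sorted({c["public_name"] for c in parse_ech_config_list(data)})

# Constructed sample ECHConfigList (not taken from any real deployment).
SAMPLE_ECH_CONFIG_LIST = bytes.fromhex("".join([
    "003e",                          # ECHConfigList length: 62 bytes follow
    "fe0d", "003a",                  # ECHConfig.version, ECHConfig.length (58)
    "01", "0020",                    # config_id; kem_id DHKEM(X25519, HKDF-SHA256)
    "0020", "11" * 32,               # public_key: 32 constructed bytes
    "0004", "0001", "0001",          # cipher_suites: one (HKDF-SHA256, AES-128-GCM)
    "00", "0b", "6563682e6578616d706c65",  # maximum_name_length; public_name "ech.example"
    "0000",                          # extensions: none
]))
```

Running `outer_names` over the `ech=` value of a real HTTPS record reports the name a censor would match on; a fleet that shares one `public_name` is exactly the "safety in numbers" case the text describes.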

From feistyduck.com
Cryptography & Security Newsletter. Sections: ECH Adds Confidentiality to TLS Handshakes; Privacy’s Powerful Enemies; We’re Not There Yet; Safety in Numbers; PQC; Cryptography; Privacy; PKI; Other.
