Encrypted Client Hello (ECH) has been approved for publication as an RFC after seven years of development, solving TLS 1.3's limitation of exposing the server identity in plaintext. ECH uses special encryption keys stored in DNS SVCB/HTTPS records to encrypt the ClientHello message. While major browsers and Cloudflare support ECH, some countries, such as Russia, have blocked it, creating a privacy paradox in which using ECH can make users identifiable to authorities. The technology also faces deployment challenges from middleboxes and corporate networks that rely on TLS handshake visibility.

From feistyduck.com