This document describes a mechanism in Transport Layer Security (TLS) for
encrypting a  ClientHello  message under a server public key.

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

RFC 9849 specifies the TLS Encrypted Client Hello (ECH) mechanism, which encrypts the ClientHello message under a server public key to prevent metadata leakage. The spec details how a client-facing server processes incoming ECH extensions: it collects candidate ECHConfig values, attempts decryption using HPKE (SetupBaseR/context.Open), verifies cipher suite and version compatibility, and forwards the decrypted ClientHelloInner to the backend server. It also covers HelloRetryRequest handling, fallback behavior when decryption fails (including GREASE ECH), and requirements for retry_configs in EncryptedExtensions. Servers must abort with specific alerts for malformed or inconsistent ECH parameters.

RFC 9849: TLS Encrypted Client Hello