Developing ECH for OpenSSL (DEfO)

The Encrypted ClientHello (ECH) mechanism (draft-spec) is a way to plug a few privacy holes that remain in the Transport Layer Security (TLS) protocol, the security layer used by the web: without ECH, the Server Name Indication (SNI) and some other ClientHello extensions are sent in cleartext, so a network observer can see which site a client is connecting to. OpenSSL is a widely used library that provides an implementation of TLS. The DEfO project has developed an implementation of ECH for OpenSSL, plus proof-of-concept implementations of various clients and servers that use OpenSSL, both as a demonstration and for interoperability testing. DEfO is funded by the Open Technology Fund (OTF). Tolerant Networks Ltd. and people from the Guardian Project are doing the work in DEfO.

This site is for ECH interoperability testing. You can read our latest ECH Interop Report. The table below indicates the various combinations of server technology supported here.

Code

Our most recent code is now under the GitHub defo project organisation. As of 2025-01-08, we're about half-way through the process of upstreaming that code into the OpenSSL project's ECH feature branch. Earlier versions were developed e.g. here.

Test Servers Here

This VM used to be our main test server, but that's also changed: we have a more recent test setup at test.defo.ie. We'll keep this setup running too, though.

This is not a highly-scalable, hugely-tested thing, so let us know if you find any issues, but do expect to find issues; that's what this site is for, after all!

What's deployed on this VM is:

Server technology   URL/host:port                              Details
nginx               https://defo.ie/ech-check.php              a web page that tells you if ECH was used
OpenSSL s_server    https://draft-13.esni.defo.ie:8413/stats   "normal" ECH
                    https://draft-13.esni.defo.ie:8414/stats   forces a HelloRetryRequest (HRR) to P-384, so the client must send a second, ECH-encrypted ClientHello
lighttpd 1.4        https://draft-13.esni.defo.ie:9413/
nginx               https://draft-13.esni.defo.ie:10413/
apache2             https://draft-13.esni.defo.ie:11413/
haproxy             https://draft-13.esni.defo.ie:12413/       haproxy shared mode (haproxy terminates TLS)
                    https://draft-13.esni.defo.ie:12414/       haproxy split mode (haproxy only decrypts ECH)

ECH public keys for those servers are published in the DNS and are rotated hourly (at :42 currently, with an 1800 second TTL). We currently publish one HTTPS RR for each service, containing an ECH configuration list with up to 3 public keys. (The three-public-keys thing is arguably not useful for clients, but it's useful for us for now, to test our provisioning scripts.) Note that with a 30-minute TTL a client may hold a cached configuration for up to half an hour after a rotation, so a server has to keep accepting the previous key(s) for at least that long; a client that sends an ECH the server can no longer decrypt ends up with a handshake to the public name and receives fresh retry_configs, which is the spec's fallback rather than a failure.

To view the HTTPS RR for defo.ie use "$ dig https defo.ie", but for services on other ports you have to query the port-prefixed name, e.g. "$ dig https _10413._https.draft-13.esni.defo.ie".
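The "ech=" value in those HTTPS RRs is a base64-encoded ECHConfigList. The following is an added example (it is not DEfO project code) that builds a list with three configurations, as published here, parses it back the way a client would, and derives the port-prefixed query name for a non-443 service. The three public keys are random placeholder bytes of X25519 length constructed in the block, not the defo.ie keys, and the host names in the demo are assumptions. The checks a practitioner cares about are in the parser: configurations with an unknown version are skipped rather than rejected (clients must ignore them), and wrong key lengths, empty public names and truncated or trailing bytes are flagged.

```python
"""Added example (not DEfO project code): build and parse an ECHConfigList as
carried in the HTTPS RR "ech=" SvcParam, plus the QNAME for a non-443 port.
Keys below are random placeholder bytes constructed here, not real keys."""
import base64
import os
import struct

ECH_VERSION_DRAFT13 = 0xFE0D          # wire version used by draft-13 and later
DHKEM_X25519_HKDF_SHA256 = 0x0020     # HPKE KEM id (RFC 9180)
HKDF_SHA256 = 0x0001                  # HPKE KDF id
AES_128_GCM = 0x0001                  # HPKE AEAD ids
CHACHA20_POLY1305 = 0x0003


def _vec(data, len_bytes):
    """TLS-style vector: big-endian length prefix followed by the bytes."""
    return len(data).to_bytes(len_bytes, "big") + data


def encode_ech_config(config_id, public_key, public_name,
                      kem_id=DHKEM_X25519_HKDF_SHA256,
                      suites=((HKDF_SHA256, AES_128_GCM), (HKDF_SHA256, CHACHA20_POLY1305)),
                      max_name_len=0, extensions=b"", version=ECH_VERSION_DRAFT13):
    """Serialise one ECHConfig: version, 2-byte length, then ECHConfigContents."""
    key_config = (struct.pack("!BH", config_id, kem_id)
                  + _vec(public_key, 2)
                  + _vec(b"".join(struct.pack("!HH", k, a) for k, a in suites), 2))
    contents = (key_config + struct.pack("!B", max_name_len)
                + _vec(public_name.encode("ascii"), 1)
                + _vec(extensions, 2))
    return struct.pack("!H", version) + _vec(contents, 2)


def encode_ech_config_list(configs):
    """ECHConfigList is a 2-byte-length vector of ECHConfigs; ech= carries it base64-encoded."""
    return base64.b64encode(_vec(b"".join(configs), 2)).decode("ascii")


class ECHParseError(ValueError):
    """Raised for a structurally invalid ECHConfigList."""


def _take(buf, pos, n):
    if pos + n > len(buf):
        raise ECHParseError("truncated data at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def _take_vec(buf, pos, len_bytes):
    raw, pos = _take(buf, pos, len_bytes)
    return _take(buf, pos, int.from_bytes(raw, "big"))


def parse_ech_config_list(b64):
    """Parse an ech= value into the configs a client may use. Unknown versions
    are skipped (clients must ignore them); malformed data raises ECHParseError."""
    buf = base64.b64decode(b64)
    body, pos = _take_vec(buf, 0, 2)
    if pos != len(buf):
        raise ECHParseError("trailing bytes after ECHConfigList")
    configs, p = [], 0
    while p < len(body):
        vraw, p = _take(body, p, 2)
        contents, p = _take_vec(body, p, 2)
        if int.from_bytes(vraw, "big") != ECH_VERSION_DRAFT13:
            continue                                  # unknown version: skip it
        hdr, c = _take(contents, 0, 3)
        config_id, kem_id = struct.unpack("!BH", hdr)
        pub, c = _take_vec(contents, c, 2)
        if kem_id == DHKEM_X25519_HKDF_SHA256 and len(pub) != 32:
            raise ECHParseError("X25519 public key must be 32 bytes")
        raw_suites, c = _take_vec(contents, c, 2)
        if len(raw_suites) < 4 or len(raw_suites) % 4:
            raise ECHParseError("cipher_suites must be a non-empty list of 4-byte pairs")
        suites = [struct.unpack("!HH", raw_suites[i:i + 4]) for i in range(0, len(raw_suites), 4)]
        mnl, c = _take(contents, c, 1)
        name, c = _take_vec(contents, c, 1)
        if not name:
            raise ECHParseError("public_name must not be empty")
        exts, c = _take_vec(contents, c, 2)
        if c != len(contents):
            raise ECHParseError("trailing bytes inside ECHConfig")
        configs.append({"config_id": config_id, "kem_id": kem_id, "public_key": pub,
                        "cipher_suites": suites, "maximum_name_length": mnl[0],
                        "public_name": name.decode("ascii"), "extensions": exts})
    return configs


def is_valid_ech_config_list(b64):
    """True if the value parses, False for malformed input (bad base64 included)."""
    try:
        parse_ech_config_list(b64)
        return True
    except ValueError:
        return False


def https_rr_qname(host, port):
    """HTTPS RR name to query: the host for port 443, else the RFC 9460
    port-prefixed form, e.g. _10413._https.draft-13.esni.defo.ie."""
    return host if port == 443 else "_%d._https.%s" % (port, host)


def demo():
    """Mimic a list with three keys (as published here) and round-trip it."""
    cfgs = [encode_ech_config(i, os.urandom(32), "public.example") for i in (1, 2, 3)]
    return parse_ech_config_list(encode_ech_config_list(cfgs))


if __name__ == "__main__":
    for c in demo():
        print(c["config_id"], c["public_name"], c["public_key"].hex())
    print(https_rr_qname("draft-13.esni.defo.ie", 10413))
```

To inspect a real record, paste the ech= value from dig's output into parse_ech_config_list; a client picks one config whose KEM and cipher suite it supports and uses its config_id in the outer ClientHello, which is how the server knows which of the rotated keys to try.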

It's not one of ours, but Cloudflare also have a test server at https://cloudflare-ech.com/cdn-cgi/trace.

Clients

Firefox and recent chromium-based browsers support ECH by default.

With our "openssl s_client" build, you can test each of the servers running on draft-13.esni.defo.ie using e.g. "echcli.sh -p 8413 -H draft-13.esni.defo.ie". That script will also work against Cloudflare, which is its default target. Add "-d" to the command line for (lots of) tracing; use "-h" for usage instructions.

curl has experimental support for HTTPS resource records and ECH, with both OpenSSL and WolfSSL, so you can follow the build and test instructions to get a working ECH-enabled curl.

Go (crypto/tls) and rustls now support client-side ECH processing, and we also have a python build with ECH client support.

Contact

Anyone who is interested in implementing TLS Encrypted ClientHello, please reach out and we will help where we can. We can certainly answer questions, and will try to help with code when possible.

More implementations

The TLS WG maintains a page with information about our and other implementations.

This fine domain brought to you by Tolerant Networks Limited.
Last modified: 2023-1-21, but who cares?
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.