DEfO project Logo Developing ESNI for OpenSSL (DEfO)

Encrypted server name indication (ESNI) is a way to plug a privacy-hole that remains in the Transport Layer Security (TLS) protocol that's used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project is developing an implmentation of ESNI for OpenSSL, and an ESNI-enabled web server as a demonstration and for interoperability testing. Over time, DEfO will demonstrate integration of ESNI with other tools that use TLS. DEfO is funded by the Open Technology Fund. Tolerant Networks Ltd. and people from the Guardian Project will be doing the work in DEfO.

This site is for ESNI interoperability testing. There are a number of web origins hosted at this IP address:

The first two sites above are ESNI-enabled. The last two are not.

This is not a highly-scalable hugely-tested thing - let us know if you find any issues, but do expect to find issues - that's what this site is for after all!

Our OpenSSL fork supporting ESNI is on github.

The ESNI-enabled sites above support both draft-02 and draft-03 of the ESNI specification. As far as we know others only support draft-02 for now.

To try out ESNI, follow these instructions from Mozilla and Cloudflare, and once that's working, come back and visit one of the ESNI-enabled URLs above.

Contact us at

Tolerant Networks Logo
This fine domain brought to you by My-Own.Net a Tolerant Networks Limited production.
Last modified: 2019-06-17, but who cares?
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.