DEfO project LogoDeveloping ECH for OpenSSL (DEfO)

The encrypted ClientHello (ECH) mechanism (draft-spec) is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol that's used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project is developing an implementation of ECH for OpenSSL, and various clients and servers that use OpenSSL as a demonstration and for interoperability testing. DEfO was initially funded by the Open Technology Fund, and subsequently by the National Democratic Initiative. Tolerant Networks Ltd. and people from the Guardian Project are doing the work in DEfO.

This site is for ECH (and ESNI, which is the name for an earlier version of ECH) interoperability testing. The matrix below indicates the various combinations of draft specification and server technology supported here. We aim to more fully fill in and expand that matrix over time. `

This is not a highly-scalable hugely-tested thing - let us know if you find any issues, but do expect to find issues - that's what this site is for after all!

As of 20210902 we're starting interop testing of our draft-13 code. That's very bleeding edge, but is the latest interop target.

Earlier (20210609), our clients and servers were based on draft-10 of the ECH spec, which was the agreed interop target at that point. Back in 2019 we deployed draft-02 as some versions of firefox supported that at the time.


So what's deployed here is:

Server Technology draft-13 draft-10 draft-02 (very old)
OpenSSL s_server for "normal" or for one that forces HRR to P-384
lighttpd 1.4
haproxy - haproxy shared mode (haproxy terminates TLS) - haproxy split mode (haproxy only decrypts ECH)
N/A - skipped to draft-13 N/A - no draft-02 version

ECH public keys for those servers are published in the DNS. We don't currently rotate those keys, except for the draft-02 keys that are rotated hourly.


At the time of writing no browser yet supports draft-13 or draft-10. So to test you need to build from source for either our openssl s_client or curl.

With "s_client" for each the server running on you can test using e.g:
"$HOME/code/openssl/esnistuff/ -p 8413 -H -d "

For curl, you can follow our build and test instructions.

Contact us at

More implementations

The TLS WG maintain a page with information about our and other implementations.

Tolerant Networks Logo
This fine domain brought to you by My-Own.Net a Tolerant Networks Limited production.
Last modified: 2021-09-11, but who cares?
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.