Experiences with implementing and deploying ECH

DEfO project (defo.ie), 2021-12-03 contact: info@defo.ie


The DEfO project implemented Encrypted ClientHello (ECH) support for OpenSSL and Conscrypt, caried out interoperability testing of those implementations, and also used those libraries to ECH-enable various web servers and clients. We deployed services using these web servers and the DNS infrastructure required to supoort automated key upated for the HTTPS RRs asociated with those services. Here we provide a short overview of that work in order to help with larger scale experiments and with further development of the ECH specification.


As part of the DEfO project, we ECH-enabled two important TLS libraries:


We ECH-enabled implemented the following TLS client applications:


We ECH-enabled implemented the following web servers:

Test tools

Amongst the test tooling we developed are:

DNS infrastructure

We deployed the non-trivial DNS infrastructure required to support ECH and hourly key rotation for the defo.ie domain. Other than for ECH key rotation that only required our standard DNS services (incl. DNSSEC).

For ECH key rotation we documented our implementation in an Internet-draft that we have proposed be standardised. (We also documented a PEM file format in another Internet-draft.)

Issues Arising

We saw the following issues that could benefit from further work to ease deployment of ECH:


ECH is demonstrably implementable and can be deployed. We don't yet know if new issues will become apparent as large-scale experiments are carried out, but we should know that in the next few months.