Encrypted Client Hello on cloudflare.com?


After the move from ESNI to ECH (draft-ietf-tls-esni-12), I’m trying to understand and test the ECH feature as announced here: https://blog.cloudflare.com/encrypted-client-hello. I’m unable to get ECH config keys from cloudflare.com HTTPS DNS records. I also tried sending dummy values to get updated ECH values from cloudflare.com, which didn’t work.

I don’t know if I’m doing this right … How can I use this feature properly?

But have you enabled it in your Web browser first, if the Web browser is in “developer”, “beta” or “nightly” mode, which obviously should have this as an experimental feature?

I used this: GitHub - cloudflare/go (Stable Go with Cloudflare (experimental) patches and backports from tip), with a test Go program I made. It seems that currently crypto.cloudflare.com has ECH keys, but for cloudflare-esni.com only. I tried them with cloudflare.com; it didn’t work.
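Added example (not part of the thread and not Cloudflare's code): a standard-library Go parser that reads the base64-decoded `ech` value of an HTTPS record and reports which `public_name` each config is issued for, which is the check behind the observation above. It assumes the ECHConfig layout of version `0xfe0d` (draft-ietf-tls-esni-13 and later); configs of any other version, including the draft-12 one mentioned in the question, are skipped. The names `take`, `PublicNames` and `sampleECH` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// take skips `skip` fixed bytes, then splits off a vector with a w-byte (1 or 2) length prefix.
func take(p []byte, skip, w int) (v, rest []byte, err error) {
	if len(p) >= skip+w {
		p = p[skip:]
		n := int(p[0])
		if w == 2 {
			n = int(binary.BigEndian.Uint16(p))
		}
		if len(p) >= w+n {
			return p[w : w+n], p[w+n:], nil
		}
	}
	return nil, nil, fmt.Errorf("truncated ECHConfigList")
}

// PublicNames lists the public_name of each 0xfe0d ECHConfig in a wire-format ECHConfigList.
func PublicNames(raw []byte) (names []string, err error) {
	list, rest, err := take(raw, 0, 2)
	if err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("bad ECHConfigList length")
	}
	for len(list) > 0 {
		head := list
		var cfg, name []byte
		if cfg, list, err = take(list, 2, 2); err != nil {
			return nil, err
		}
		if binary.BigEndian.Uint16(head) != 0xfe0d {
			continue // other versions are skipped via their length field
		}
		_, cfg, _ = take(cfg, 3, 2) // config_id, kem_id, then public_key
		_, cfg, _ = take(cfg, 0, 2) // cipher_suites
		if name, _, err = take(cfg, 1, 1); err != nil { // maximum_name_length, public_name
			return nil, err
		}
		names = append(names, string(name))
	}
	return names, nil
}
// Constructed sample: unknown-version entry, then a 0xfe0d entry (placeholder key bytes).
var sampleECH = []byte("\x00\x2b\xfa\xfa\x00\x02\x00\x00\xfe\x0d\x00\x21\x2a\x00\x20" +
	"\x00\x04\xde\xad\xbe\xef\x00\x04\x00\x01\x00\x01\x40\x0epublic.example\x00\x00")
func main() { fmt.Println(PublicNames(sampleECH)) }
```

If the returned name is not the domain being tested, the config was published for a different client-facing server.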

