3

ESNI or ECH

Hello, there is support for ESNI or ECH?

2 replies

null
    • Pro subscriber ✓
    • DynamicNotSlow
    • 2 yrs ago
    • Reported - view

    I ask Quad9 about this and that’s their answer:

     

    “The ESNI standard was abandoned in favor of Encrypted Client Hello (ECH), which uses the same RFC Draft number: https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni

    ECH is not yet an official RFC standard, so is not yet implemented in most SSL libraries, like OpenSSL: https://github.com/openssl/openssl/issues/7482

    If/When ECH becomes a standard and is implemented in upstream SSL libraries, Quad9 will use it.

    However, ECH is more important for websites, as hiding the destination domain name (dns.quad9.net) in DNS over TLS or DNS over HTTPS traffic is nice, but with 9.9.9.9 as the destination IP, the domain name doesn't reveal much that a Google search wouldn't.“

Content aside

  • 3 Likes
  • 2 yrs agoLast active
  • 2Replies
  • 979Views
  • 2 Following