Hello, there is support for ESNI or ECH?

2replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Hi, according to this tool NextDNS supports ESNI.

    Like 1
  • I ask Quad9 about this and that’s their answer:


    “The ESNI standard was abandoned in favor of Encrypted Client Hello (ECH), which uses the same RFC Draft number: https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni

    ECH is not yet an official RFC standard, so is not yet implemented in most SSL libraries, like OpenSSL: https://github.com/openssl/openssl/issues/7482

    If/When ECH becomes a standard and is implemented in upstream SSL libraries, Quad9 will use it.

    However, ECH is more important for websites, as hiding the destination domain name (dns.quad9.net) in DNS over TLS or DNS over HTTPS traffic is nice, but with as the destination IP, the domain name doesn't reveal much that a Google search wouldn't.“

Like3 Follow
  • 4 wk agoLast active
  • 2Replies
  • 135Views
  • 4 Following