ClouDNS (an EU DNS provider) can now support #ECH -related DNS records

Revision 709: HTTP/3 and WebTransport, with Max Inden | Working Draft

https://workingdraft.de/709/

That was a really nice overview of QUIC, HTTP/3, DoH and ECH. And always with a "why" resonating alongside.

Thanks @mxinden 🙏

#http3 #ECH #quic #internet

This week Max Inden (Mastodon) from Mozilla is our guest. With him we talk about Firefox's networking stack and work our way from HTTP/1 through HTTP/2 to HTTP/3 and QUIC. Ausgangsp…

ECH Is Done, But Can We Make It Work? | Feisty Duck

Ah, #OpenSSL 4.0.0 came out last week. I note:

- SSLv3 support is gone for good
- Arrival of encrypted hellos (#ECH)
- More crypto from the future (post-quantum)

https://github.com/openssl/openssl/releases/tag/openssl-4.0.0

Release OpenSSL 4.0.0 · openssl/openssl

OpenSSL 4.0.0 is a feature release adding significant new functionality to OpenSSL. This release incorporates the following potentially significant or incompatible changes: Removed extra leading ...

GitHub

OpenSSL 4.0 Strengthens Privacy and Removes Legacy Protocols

OpenSSL 4.0.0 adds Encrypted Client Hello to protect browsing privacy, removes obsolete protocols, and introduces post-quantum cryptography.

https://yoota.it/en/openssl-4-0-strengthens-privacy-and-removes-legacy-protocols/

OpenSSL 4.0: stronger privacy and goodbye to old protocols

OpenSSL 4.0.0 arrives with support for Encrypted Client Hello to protect privacy while browsing, removes obsolete protocols and introduces post-quantum cryptography.

https://yoota.it/openssl-4-0-privacy-rafforzata-e-addio-ai-protocolli-vecchi/

#OpenSSL 4.0.0 ported and we have #curl #ECH

OpenSSL 4.0.0 supports ECH

I saw the OpenSSL 4.0.0 release note on Lobsters: "OpenSSL 4.0.0". Although it is 4.0.0, it isn't really a major overhaul; the more appealing part this time is the support for ECH (Encrypted Client Hello): Support for Encrypted Client Hello (ECH, RFC 9849). See doc/designs/ech-api.md for details.

Gea-Suan Lin's BLOG

I pushed curl-rustls-8.19.0-3-x86_64.pkg.tar.zst to Arch Linux; with this version it's now possible to encrypt the TLS client hello:

```
curl-rustls -sSv --ech hard --doh-url='https://dns.mullvad.net/dns-query' 'https://defo.ie/ech-check.php'
```

Should display:

```
<p>SSL_ECH_OUTER_SNI: cover.defo.ie <br />
SSL_ECH_INNER_SNI: defo.ie <br />
```

The `--doh-url` is mandatory, otherwise curl won't query the `https` DNS records (`dig +short https defo.ie`).

For opportunistic ECH use `--ech true`.

#archlinux #curl #ech

📢 RFC 9849: Publication of the TLS Encrypted Client Hello (ECH) standard by the IETF
📝 ## 🌐 Context

Published on 3 March 2026 on the IETF datatracker (https://datatracker.ietf.org/doc/rfc9849/), this document is **RFC 9849**, a standard in the category *Standa...
📖 cyberveille: https://cyberveille.ch/posts/2026-02-04-rfc-9849-publication-du-standard-tls-encrypted-client-hello-ech-par-l-ietf/
🌐 source: https://datatracker.ietf.org/doc/rfc9849/
#ECH #HPKE #Cyberveille

RFC 9849: TLS Encrypted Client Hello

This document describes a mechanism in Transport Layer Security (TLS) for encrypting a message under a server public key.

IETF Datatracker