For decades, a critical flaw persisted in TLS—the very protocol securing internet traffic: The identity of the destination server remained exposed in plaintext during the initial handshake. Despite TLS 1.3's groundbreaking encryption improvements in 2018, this Server Name Indication (SNI) leak allowed observers to see which website a user accessed, even if the content stayed private. After seven years and 25 revisions, the IETF TLS working group has approved Encrypted Client Hello (ECH) for publication as an RFC—finally sealing this privacy gap.

The Core Challenge: Encrypting Before Encryption

TLS encryption can only begin after cryptographic parameters are negotiated, traditionally requiring some handshake data to be sent unencrypted. ECH’s genius lies in preloading encryption keys into DNS records (specifically SVCB or HTTPS resource records defined in RFC 9460). Clients fetch these records first, allowing them to encrypt the Client Hello—including the SNI—before initiating the TLS connection.

; Example HTTPS DNS record for ECH (from cloudflare-ech.com)
; For the default port, the HTTPS record is published at the origin name itself (RFC 9460).
cloudflare-ech.com. 300 IN HTTPS 1 . (
  ech="AEj+CgBI..."
  ipv4hint=192.0.2.1
  ipv6hint=2001:db8::1 )
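
Added example (not from the original article or from Cloudflare): a Python parser for the ECHConfigList that the ech parameter carries, following the wire layout in the ECH specification. The sample value is constructed by build_sample() with a dummy all-zero key and the hypothetical name public.example; the public_name it reports is the server name that still appears in the outer Client Hello.

```python
import base64
import struct

ECH_VERSION = 0xFE0D  # ECHConfig version used by the ECH specification

def _parse_contents(b: bytes) -> dict:
    # HpkeKeyConfig: config_id, kem_id, public_key<2-byte len>, cipher_suites<2-byte len>
    config_id, kem_id, pk_len = struct.unpack_from("!BHH", b, 0)
    p = 5 + pk_len
    (cs_len,) = struct.unpack_from("!H", b, p)
    suites = [struct.unpack_from("!HH", b, p + 2 + i) for i in range(0, cs_len, 4)]
    p += 2 + cs_len
    # maximum_name_length, then public_name<1-byte len>: the SNI sent in the clear
    _max_len, name_len = struct.unpack_from("!BB", b, p)
    name = b[p + 2 : p + 2 + name_len]
    if len(name) != name_len:
        raise ValueError("truncated public_name")
    return {"config_id": config_id, "kem_id": kem_id, "public_key": b[5 : 5 + pk_len],
            "cipher_suites": suites, "public_name": name.decode("ascii")}

def parse_ech_config_list(b64: str) -> list:
    """Decode an ech= SvcParam value into its ECHConfig entries."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 2 or struct.unpack_from("!H", raw)[0] != len(raw) - 2:
        raise ValueError("ECHConfigList length prefix does not match payload")
    configs, off = [], 2
    while off < len(raw):
        version, length = struct.unpack_from("!HH", raw, off)
        body = raw[off + 4 : off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated ECHConfig")
        off += 4 + length
        if version == ECH_VERSION:  # entries with unknown versions are skipped
            configs.append(_parse_contents(body))
    return configs

def build_sample(version: int = ECH_VERSION, name: bytes = b"public.example") -> str:
    """Constructed ECHConfigList with a dummy all-zero key (not a real record)."""
    contents = (struct.pack("!BHH", 7, 0x0020, 32) + bytes(32)  # X25519 KEM id
                + struct.pack("!HHH", 4, 0x0001, 0x0001)         # one KDF/AEAD pair
                + struct.pack("!BB", 0, len(name)) + name
                + struct.pack("!H", 0))                           # no extensions
    cfg = struct.pack("!HH", version, len(contents)) + contents
    return base64.b64encode(struct.pack("!H", len(cfg)) + cfg).decode()

if __name__ == "__main__":
    for cfg in parse_ech_config_list(build_sample()):
        print(cfg["public_name"], hex(cfg["kem_id"]), cfg["cipher_suites"])
```

Running the same parser over the ech value returned by a resolver shows which public name observers on the path will see in place of the real one.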

Deployment Hurdles and Geopolitical Firewalls

While Cloudflare and major browsers now support ECH, significant obstacles remain:
1. DNS Security Dependency: ECH keys in DNS require DNSSEC or encrypted DNS (DoH/DoT) to prevent tampering—neither widely adopted yet.
2. The Middlebox Dilemma: Corporate networks and parental controls rely on inspecting plaintext SNI. Ubiquitous ECH could break these systems.
3. Censorship Conflicts: Russia blocked ECH in 2024 after declaring it illegal, while China actively interferes with ECH traffic. Ironically, attempting to use ECH now signals "private browsing" to surveillant regimes—potentially drawing scrutiny.

Why This Isn’t Just About Evading Censors

ECH’s value extends beyond bypassing firewalls:
- Global Privacy: Protects users from ISP tracking, coffee-shop eavesdroppers, and data brokers.
- Standardization Momentum: With RFC status, ECH becomes a baseline for future privacy enhancements.
- Extensible Design: HTTPS records can carry parameters beyond ECH, enabling future protocol upgrades.

As Ivan Ristić notes in Feisty Duck’s analysis, ECH’s success hinges on widespread adoption. Until it becomes "boringly secure" like TLS 1.3, its visibility paradoxically creates risks in the very regions it aims to protect. The cryptographic heavy lifting is complete—now the battle shifts to deployment trenches and policy arenas.

Source: Feisty Duck Cryptography & Security Newsletter, Issue 127