The Server Name Indication (SNI) extension to TLS allows the client to specify the name of the server it is trying to connect to, which allows the server to select between multiple virtual servers and present the appropriate certificate for the connection. The client sends the server name as a part of a Client Hello message. This Client Hello data is transmitted before encryption is set up for the connection so it can be observed by a third party.
The Encrypted Client Hello (ECH) extension to TLS 1.3 allows the Client Hello that a TLS client actually wants the server to see (the inner Client Hello) to be encrypted. The inner Client Hello names the real server to be reached, while the outer Client Hello, which is sent in the clear, carries only a generic public name that could be shared by many servers hosted by the same provider, for example. The public key used to encrypt the inner Client Hello is published by the server operator in DNS, which is why ECH depends on the client being able to look that key up before connecting. ECH is a much newer extension and is currently not deployed on most servers.
curl and wolfSSL both include support for ECH.
Install wolfSSL
First, the wolfssl library must be installed with ECH support.
Download the wolfSSL release and install with:
$ ./configure --enable-ech --enable-curl
$ make
$ sudo make install
Install curl
Next, curl must be built with wolfSSL as its TLS backend and with ECH enabled. Example if wolfSSL was installed to /usr/local (the default):
$ ./configure --enable-ech --with-wolfssl=/usr/local
$ make
$ sudo make install
Enabling ECH
The --ech argument to curl is used to enable ECH. It accepts a few different values, such as false to not use ECH (the default), true to attempt ECH but fall back to a normal handshake if the server's ECH configuration is not available, and hard to require ECH and fail the transfer if the server does not support it.
Additionally, the --doh-url option should be supplied to curl to provide a DNS-over-HTTPS URL to use for DNS lookup. The ECH configuration for a server is retrieved from DNS alongside its address, and curl obtains it through the DoH resolver rather than the system resolver.
Example Use
$ curl --ech hard --doh-url https://one.one.one.one/dns-query https://defo.ie/ech-check.php
This example uses --ech hard, which will cause curl to fail if ECH cannot be used. In the returned payload, these lines are observed:
<p>SSL_ECH_OUTER_SNI: cover.defo.ie <br /> SSL_ECH_INNER_SNI: defo.ie <br /> SSL_ECH_STATUS: success <img src="greentick-small.png" alt="good" /> <br /> </p>
If we capture the traffic with Wireshark, we observe the following:
In this capture, we can see that the outer Client Hello message carries an unencrypted public server name in its SNI extension (in this case "cover.defo.ie"), while the inner Client Hello containing the actual server name we're trying to reach travels inside the encrypted_client_hello extension of that same message and is encrypted, so the real name cannot be read from the wire.
In contrast, if we capture without ECH being enabled, we see the following:
Here we see that the entire Client Hello is unencrypted and the SNI server name can be observed as "defo.ie".
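As an added example (not code from the curl or wolfSSL projects), the following Python script reproduces what the two captures above reveal without needing Wireshark. It builds two constructed TLS 1.3 Client Hello messages, one with a plaintext SNI of cover.defo.ie plus an encrypted_client_hello extension (extension codepoint 0xfe0d), the other with only a plaintext SNI of defo.ie, then parses each to report which server name is visible on the wire and whether an ECH extension is present. The ECH payload is an opaque placeholder rather than a real HPKE ciphertext, and the random field is fixed bytes; both are assumptions made to keep the example self-contained.

```python
"""Inspect a TLS 1.3 ClientHello: report the plaintext SNI and whether an
encrypted_client_hello extension is present.

Added example, not curl's or wolfSSL's code. The two ClientHello messages
below are constructed inline (not captured traffic) to mirror the post's
Wireshark observations: with ECH the outer hello shows only the public
name plus an opaque ECH payload; without ECH the real name is visible.
"""
import struct

EXT_SERVER_NAME = 0x0000   # server_name (SNI), RFC 6066
EXT_ECH = 0xFE0D           # encrypted_client_hello (draft-ietf-tls-esni)


def _u16(n: int) -> bytes:
    return struct.pack("!H", n)


def sni_extension(hostname: bytes) -> bytes:
    """server_name extension with a single host_name (name type 0) entry."""
    entry = b"\x00" + _u16(len(hostname)) + hostname
    body = _u16(len(entry)) + entry
    return _u16(EXT_SERVER_NAME) + _u16(len(body)) + body


def ech_extension(payload: bytes) -> bytes:
    """encrypted_client_hello extension carrying an opaque placeholder.

    A real payload holds config_id, the HPKE enc value and the ciphertext
    of the inner ClientHello (assumption: placeholder bytes stand in for
    it here); the parser only needs the extension type to recognise ECH.
    """
    return _u16(EXT_ECH) + _u16(len(payload)) + payload


def build_client_hello(extensions: bytes) -> bytes:
    """Minimal TLS 1.3 ClientHello handshake message (HandshakeType 1)."""
    body = (
        b"\x03\x03"                  # legacy_version: TLS 1.2
        + b"\x11" * 32               # random (constructed, fixed bytes)
        + b"\x00"                    # legacy_session_id: empty
        + _u16(2) + b"\x13\x01"      # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                # legacy_compression_methods: null
        + _u16(len(extensions)) + extensions
    )
    return b"\x01" + len(body).to_bytes(3, "big") + body


def inspect_client_hello(msg: bytes) -> dict:
    """Return {'sni': visible server name or None, 'ech': bool}."""
    if msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                   # skip version + random
    pos += 1 + body[pos]                           # legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                              # cipher_suites
    pos += 1 + body[pos]                           # compression_methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end != len(body):
        raise ValueError("extension length mismatch")
    result = {"sni": None, "ech": False}
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if len(data) != elen:
            raise ValueError("truncated extension")
        if etype == EXT_SERVER_NAME:
            # ServerNameList: list length (2), name type (1), name length (2)
            name_len = struct.unpack("!H", data[3:5])[0]
            result["sni"] = data[5:5 + name_len].decode("ascii")
        elif etype == EXT_ECH:
            result["ech"] = True
    return result


# Constructed messages modelled on the post's two captures
WITH_ECH = build_client_hello(
    sni_extension(b"cover.defo.ie") + ech_extension(b"\xaa" * 48)
)
WITHOUT_ECH = build_client_hello(sni_extension(b"defo.ie"))

if __name__ == "__main__":
    for label, hello in (("with ECH", WITH_ECH), ("without ECH", WITHOUT_ECH)):
        print(f"{label}: {inspect_client_hello(hello)}")
```

The parser deliberately treats the ECH extension as opaque: an on-path observer is in exactly that position, able to see that ECH is in use and which public name was offered, but not which inner name the client actually requested.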
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.