Using ECH with curl and wolfSSL

The Server Name Indication (SNI) extension to TLS allows the client to specify the name of the server it is trying to connect to, which allows the server to select between multiple virtual servers and present the appropriate certificate for the connection. The client sends the server name as a part of a Client Hello message. This Client Hello data is transmitted before encryption is set up for the connection so it can be observed by a third party.

The Encrypted Client Hello (ECH) extension to TLS 1.3 allows the inner Client Hello message that a TLS client sends to be encrypted. This inner Client Hello contains the actual server to be reached, while the outer Client Hello uses a generic public name that could be the same for many servers hosted by a company, for example. ECH is a much newer extension and currently is not deployed on most servers.

curl and wolfSSL both include support for ECH.

Install wolfSSL

First, the wolfSSL library must be installed with ECH support.
Download the wolfSSL release, then build and install it with:

$ ./configure --enable-ech --enable-curl
$ make
$ sudo make install

Install curl

Next, curl must be built with wolfSSL support. For example, if wolfSSL was installed to /usr/local (the default):

$ ./configure --enable-ech --with-wolfssl=/usr/local
$ make
$ sudo make install

Enabling ECH

The --ech argument to curl enables ECH. It accepts a few different values: false to not use ECH (the default), true to attempt ECH but fall back to not using it if it is unavailable, and hard to force ECH and fail if the server does not support it.

Additionally, the --doh-url option should be supplied to curl to provide a DNS-over-HTTPS URL to use for DNS lookup.

Example Use

$ curl --ech hard --doh-url https://one.one.one.one/dns-query https://defo.ie/ech-check.php

This example uses --ech hard, which causes curl to fail if ECH cannot be used. In the returned payload, these lines are observed:

<p>SSL_ECH_OUTER_SNI: cover.defo.ie <br />
SSL_ECH_INNER_SNI: defo.ie <br />
SSL_ECH_STATUS: success <img src="greentick-small.png" alt="good" /> <br />
</p>

If we capture the traffic with Wireshark, we observe the following:

In this capture, we can see that the outer Client Hello message uses an unencrypted public server name (in this case “cover.defo.ie”) while the inner Client Hello containing the actual server name we’re trying to reach is encrypted.

In contrast, if we capture without ECH being enabled, we see the following:

Here we see that the entire Client Hello is unencrypted and the SNI server name can be observed as “defo.ie”.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Coming Soon: tiny-curl for Zephyr RTOS

At wolfSSL, we’re excited to announce plans for a tiny-curl port tailored for Zephyr RTOS. This will bring lightweight HTTPS client capabilities to one of the most widely used real-time operating systems for embedded devices.

Stay tuned for updates as we work to integrate tiny-curl’s proven functionality into the Zephyr ecosystem.


Post-Quantum Cryptography with curl

At wolfSSL, our commitment to advancing post-quantum cryptography (PQC) is stronger than ever. With the rise of quantum computing threats, securing data from “harvest now, decrypt later” attacks is a critical focus for us. That’s why we are actively enhancing curl with robust PQC support to safeguard your communications well into the quantum era.

wolfSSL implements NIST-standardized post-quantum algorithms such as ML-KEM (Kyber) for key encapsulation and ML-DSA (Dilithium) for digital signatures, documented as FIPS 203 and FIPS 204. These algorithms are optimized for both high performance and strong security.

When built with wolfSSL, curl supports quantum-resistant key exchange with ML-KEM under TLS 1.3, protecting long-term confidentiality against future decryption threats from cryptographically relevant quantum computers. To facilitate a smooth transition, wolfSSL also enables hybrid cryptography, blending classical and post-quantum algorithms for enhanced security in curl-based applications.

For details on building curl with wolfSSL’s post-quantum support, check out our GitHub pull request. To explore our broader efforts in post-quantum cryptography, check out our Post-Quantum page.


curl-up 2025 Recap

Special thanks to Apify for sponsoring curl-up 2025!

The much-anticipated curl-up 2025 has wrapped up, bringing developers, open-source enthusiasts, and industry leaders together in Prague.

Over the weekend, sixteen insightful curl-related presentations were delivered, sparking discussions not only during the sessions but also over lunches, coffee breaks, and evening gatherings.

If you missed it or want to rewatch your favorite moments, the entire event is available on the YouTube Playlist. You can also explore the Agenda Page for slides and session details.

We appreciate the dedication of the curl community and the project sponsors that made this event possible. Plans are already in motion for curl-up 2026! Stay tuned for updates!


curl up 2025

Join us for curl up 2025: The Ultimate Event for curl Enthusiasts!

Mark your calendars! curl up 2025 is happening in Prague, Czech Republic, on May 3-4, 2025. This official annual developer conference for curl and libcurl brings together experts, contributors, and users from around the world. It’s the premier event for developers, engineers, and tech enthusiasts working with the curl project.

Date: May 3-4, 2025
Location: Pracovna, Vlkova 36, Praha 3 – Žižkov, 130 00, Czech Republic
Registration: Register here
Fee: Free of charge

curl up 2025 is a unique gathering that celebrates the curl community and its future. Expect insightful sessions on the current state and roadmap of the curl project, security best practices, and emerging technologies. Engage in collaborative discussions on the project’s growth, sustainability, and team expansion.

We’d love to hear from you! If there’s a topic you’re passionate about or a session you’d like to attend, let us know. Your input will help shape the agenda for curl up 2025.

Join us in supporting curl, a crucial open-source project. We are currently seeking sponsors for curl up 2025. Your sponsorship will directly contribute to a community dedicated to maintaining curl’s robustness, security, and continued free accessibility.

Mark your calendars for May 3-4, 2025, and stay tuned for registration details.

See you in Prague!


curl Distro Discussion 2025

Join the second annual curl Distro Discussion on April 10th at 3 PM UTC (5 PM CEST). This online event brings together Linux and BSD distributions, OS maintainers, and the curl community for an in-depth two-hour conference. The event is free and open to anyone interested in improving curl’s integration within operating systems and package distributions.

Join us: curl Distro Discussion 2025
Date: April 10th | 3 PM UTC (5 PM CEST)

This is a unique opportunity for curl developers, maintainers, and distributors to discuss important aspects of curl deployment across various operating systems. Our goal is to make curl more efficient and secure within distributions.

Key discussion topics include:

  • Enhancing curl’s build system, third-party library, and documentation for distributors
  • Strategies to streamline security advisories and patch management
  • Discussion on HTTP/3, long-term support, and TLS advancements
  • Exploring Post-Quantum Cryptography in curl
  • The future of wcurl and trurl
  • And more…

Feel free to add your own proposed discussion topics and sign up as an intended participant. Mark your calendar for April 10th at 3 PM UTC (5 PM CEST) and be part of shaping curl’s future in distributions and secure networking.

Check out the details of curl Distro Discussion 2025, and share this invitation with others in the open-source and security communities to help spread the word and ensure the right people are invited.

