In early 2023 wolfSSL added support for the Encrypted Client Hello draft extension for TLS 1.3 (formerly known as Encrypted Server Name Indication(ESNI)). The Encrypted Client Hello (ECH) extension encrypts the client_hello message meant for a TLS 1.3 server and sends it as an extension of an outer client_hello that has the sensitive fields removed. This encryption obfuscates the sensitive parts of the client_hello (such as the Server Name Indication (SNI)) from any passive observer that may capture the client_hello.
Why use ECH?
Data in the client hello can be used to identify which site a client is trying to access behind a reverse proxy, which may be used to track the user across the internet or disrupt a reverse proxy by identifying the number of servers active or where the server may be geographically. If you would like more detailed information on ECH, check out the draft extension and for more information on reverse proxies checkout Cloudflare’s article on proxies.
We recently added a new example of how to set up our TLS 1.3 server to use ECH, available at https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/server-ech-local.c along with an example client that will set the ECH configs out of band and then connect to it https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-ech-local.c. When the server starts it creates ech-configs, which are a list of Hybrid Public Key Encryption (HPKE) keys and server names that the server will accept for an ECH connection. Once the configs are generated they can be shared out of band with the client or can be obtained through the retry-configs method by connecting and disconnecting the client with a GREASE ECH. In this example the server will print out the base64 encoded configs that can then be passed to the example client as a command line argument and it will load the configs and use them for ECH. In a typical real world application the ECH configs would be published as a DNS record that the client’s web server fetches but that is outside the scope of wolfSSL.
For more information on HPKE check out our blog post. For an example of how to obtain ECH configs through the retry-configs method, check out our other ECH example. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.