CloudFlare has supported it since 2023:

arcfour • yesterday at 7:09 PM • 2 replies • view on HN

CloudFlare has supported it since 2023: https://blog.cloudflare.com/announcing-encrypted-client-hell... Firefox has had it enabled by default since version 119: https://support.mozilla.org/en-US/kb/faq-encrypted-client-he... so you can use it today.

Replies

1vuio0pswjnm7 • yesterday at 11:28 PM

"... so you can use it today."

What if he wanted to use it for requesting blog.cloudflare.com

   ;; ANSWER SECTION:
   blog.cloudflare.com. 300 IN HTTPS 1 . alpn="h3,h2" ipv4hint=104.18.28.7,104.18.29.7 ipv6hint=2606:4700::6812:1c07,2606:4700::6812:1d07

Where are the ECH keys

For example,

   ;; ANSWER SECTION:
   test.defo.ie. 300 IN HTTPS 1 . ech="AEb+DQBCqQAgACBlm7cfDx/gKuUAwRTe+Y9MExbIyuLpLcgTORIdi69uewAEAAEAAQATcHVibGljLnRlc3QuZGVmby5pZQAA"

   ;; ANSWER SECTION:
   cloudflare-ech.com. 300 IN HTTPS 1 . alpn="h3,h2" ipv4hint=104.18.10.118,104.18.11.118 ech="AEX+DQBBpQAgACB/RU5hAC5mXe3uOZtNY58Bc8UU1cd4QBxQzqirMlWZeQAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA=" ipv6hint=2606:4700::6812:a76,2606:4700::6812:b76

It's true one can "use it today". One could use it for the past several years as well. The software has been around for a while

But ECH has never been consistently enabled for the general public beyond a small number of test sites that are only for testing ECH

bombcar • yesterday at 7:21 PM

https://tls-ech.dev indicates that Safari doesn't support it, but Chrome does.

➕ show 1 reply

alt Hacker News

Replies