Intent to experiment and ship: Encrypted Client Hello

[Dennis Jackson]

Encrypted Client Hello (ECH) has been behind a pref in Firefox for over a year, enabled only in Nightly. Over the coming releases, we plan to continue experimentation and proceed to a roll out with the final schedule depending on whether we run into any issues with network incompatibility.

Summary:

ECH enhances the privacy of TLS connections made by the browser by encrypting the initial packet sent at the start of the TLS connection which contains sensitive information. ECH requires server-side support in order to be effective. If ECH support is not available, then a GREASE extension containing random data is added to the TLS Client Hello which is ignored by the server.

Bug: https://bugzil.la/1725938

Specification: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/16/

Standards Body: IETF, TLS WG

Platform Coverage: All

Preferences:

network.dns.echconfig.enabled - True
network.dns.http3_echconfig.enable - True
network.dns.force_waiting_https_rr - True
security.tls.ech.grease_probability - 100
security.tls.ech.grease_http3 - True





ECH support also requires a DoH server to be configured in Firefox (either from the default list or a custom self-hosted server). This is because ECH depends on a special type of DNS record and is only effective if these DNS records are fetched over an encrypted connection. ECH respects all existing DoH opt outs (canary, pref, enterprise policy) and ECH will not be used to encrypt any ClientHellos if DoH is disabled or opted out.

DevTools bug: None
Standards position: Positive - https://github.com/mozilla/standards-positions/issues/139
Web platform tests: None (TLS Feature)

Test Sites:

https://www.cloudflare.com/ssl/encrypted-sni/
https://tls-ech.dev/
https://defo.ie/ech-check.php

Other Browsers:

Blink - Experimental Support - https://groups.google.com/a/chromium.org/g/blink-dev/c/KrPqrd-pO2M/m/wqVwcQ6tBgAJ

Webkit - Unknown / Presume Not Implemented