The OpenSSL Library now supports Encrypted Client Hello (ECH)
9 views
Skip to first unread message
Blog on OpenSSL Library
Mar 11, 2026, 9:00:36 PM (13 days ago) Mar 11
to openss...@openssl.org
Previous posts about the upcoming OpenSSL 4.0 release:
1. [removing ENGINE code](https://openssl-library.org/post/2025-12-18-remove-engines)
2. [removing deprecated functions for creating or modifying custom METHODS](https://openssl-library.org/post/2026-02-03-remove-methods)
3. [no longer registering a function via atexit function](https://openssl-library.org/post/2026-02-19-remove-atexit)
## Summary
The OpenSSL Library now supports Encrypted Client Hello (ECH) specified in
[RFC 9849](https://www.rfc-editor.org/rfc/rfc9849.txt), which was published
this month. Applications that implement this standard will be able to encrypt
sensitive information that is currently transmitted in plaintext in the TLS
1.3 handshake. In particular, ECH can protect the client's target server name
from being revealed to third parties.
URL: https://openssl-library.org/post/2026-03-11-ech/
1. [removing ENGINE code](https://openssl-library.org/post/2025-12-18-remove-engines)
2. [removing deprecated functions for creating or modifying custom METHODS](https://openssl-library.org/post/2026-02-03-remove-methods)
3. [no longer registering a function via atexit function](https://openssl-library.org/post/2026-02-19-remove-atexit)
## Summary
The OpenSSL Library now supports Encrypted Client Hello (ECH) specified in
[RFC 9849](https://www.rfc-editor.org/rfc/rfc9849.txt), which was published
this month. Applications that implement this standard will be able to encrypt
sensitive information that is currently transmitted in plaintext in the TLS
1.3 handshake. In particular, ECH can protect the client's target server name
from being revealed to third parties.
URL: https://openssl-library.org/post/2026-03-11-ech/
Reply all
Reply to author
Forward
0 new messages