Encrypted Client Hello
· One min read
in 2020, Cloudflare introduced Encrypted Client Hello (ECH) to the world. It is a TLS extension that encrypts the Client Hello message. This is a great improvement to the TLS protocol, as it hides the SNI and other information from the network. This is a great improvement to the privacy of the users.
So with ech enabled, the network will only see the IP address of the server and the IP address of the client. This is a great improvement to the privacy of the users. Your ISP will not be able to see which domain you are browsing.
Example
so when using https://www.cloudflare.com/ you can use the following command to see if ECH is enabled:
curl -svo /dev/null https://www.cloudflare.com/ 2>&1 | grep -i ech