Way back in 2018, Craig Andrews raised an issue asking if the OpenSSL Library would support a proposed standard that’s now called Encrypted Client Hello (ECH). On March 3, 2026 the standard was published and that issue was closed a few hours later. As of OpenSSL 4.0, OpenSSL will support ECH, which advances our mission of “quietly safeguarding millions of users”.
But what is ECH and how does it help keep user data private?
The OpenSSL Library initially solved the problem of protecting data by encrypting content. The data you send to and receive from secure websites (which is nearly all of them these days) can’t be viewed by other observers. It’s like writing a letter in a code that only the intended recipient can decode. If it gets intercepted, the message doesn’t give up its meaning.
But sometimes the context also matters. For example, the information on the envelope itself, especially the address a letter is sent to, could give away a secret. Obviously you can’t just encrypt the address on an envelope because how would the mail carrier know where to deliver the message? But researchers have devised clever techniques to do just that on the internet.

Instead of sending a letter directly, someone concerned about security might put their letter in an inner envelope addressed to the final recipient and then put that into another envelope addressed to a trusted intermediary. When the intermediary receives the letter, it removes the outer envelope and reposts the inner envelope. That way anyone who intercepts the letter will only know that the letter came from the intermediary. If many people use that intermediary, it’s not possible to trace any of the interior envelopes back to their sender.
When someone enters an internet address in their web browser, the first message the browser sends to that server to set up a secure connection is called the Client Hello. In this scenario, the browser is the “client” and it makes the initial greeting saying the internet equivalent of “hello”. Critically, this message includes, in the clear, the name of the server the client intends to communicate with. After that initial message, most of the rest of the interaction is encrypted to prevent an observer from understanding the communication. Enter Encrypted Client Hello, which encrypts almost all of that initial message, including the name of the server. The real Client Hello travels inside an outer one that names only a shared “public name” for the front-end server, much like the inner envelope in the example above, so an observer sees that shared name and ciphertext rather than the site being visited.
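To make concrete what an observer on the path can and cannot read, here is an added example (not code from the OpenSSL Library or the DEfO project) that builds two constructed TLS 1.3 Client Hello records and parses them the way a passive observer would. The first names the real site in its Server Name Indication (SNI) extension; the second is shaped like an ECH outer Client Hello, whose SNI carries only the front-end’s shared public name while the real hello sits in an opaque extension. The extension code point 0xfe0d comes from the ECH drafts and is an assumption here; the 48 bytes of “ciphertext” are constructed filler, not a real ECH payload.

```python
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
# Extension code point used by the ECH drafts (assumed here; check the published standard).
EXT_ECH = 0xFE0D


def build_client_hello(server_name: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Build a minimal, constructed TLS 1.3 ClientHello record (sample data, not real traffic)."""
    sni_name = server_name.encode()
    # ServerNameList entry: name_type host_name (0), 2-byte length, name
    sni_list = b"\x00" + struct.pack("!H", len(sni_name)) + sni_name
    sni_ext = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_list) + 2)
               + struct.pack("!H", len(sni_list)) + sni_list)
    exts = sni_ext
    if ech_payload is not None:
        # An ECH outer hello carries the encrypted inner hello as an opaque extension
        exts += struct.pack("!HH", EXT_ECH, len(ech_payload)) + ech_payload
    body = (
        b"\x03\x03"                 # legacy_version: TLS 1.2
        + bytes(32)                 # random (constructed zeros)
        + b"\x00"                   # legacy_session_id: empty
        + b"\x00\x02\x13\x01"       # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"               # legacy_compression_methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def observe_client_hello(record: bytes) -> dict:
    """Return what a passive observer can read from a ClientHello record."""
    if record[0] != TLS_HANDSHAKE:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                              # skip legacy_version and random
    pos += 1 + body[pos]                      # legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                         # cipher_suites
    pos += 1 + body[pos]                      # legacy_compression_methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    result = {"sni": None, "ech": False, "extensions": []}
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        edata = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        result["extensions"].append(etype)
        if etype == EXT_SERVER_NAME:
            # edata: 2-byte list length, name_type, 2-byte name length, name
            name_len = struct.unpack("!H", edata[3:5])[0]
            result["sni"] = edata[5:5 + name_len].decode()
        elif etype == EXT_ECH:
            # The observer sees that ECH is in use, but the inner hello is ciphertext
            result["ech"] = True
    return result


def demo() -> tuple:
    """Compare a plain ClientHello with an ECH-style outer ClientHello."""
    plain = build_client_hello("secret.example")            # real name in the clear
    outer = build_client_hello("public.example",             # only the shared public name
                               ech_payload=b"\xaa" * 48)     # constructed opaque ciphertext
    return observe_client_hello(plain), observe_client_hello(outer)


if __name__ == "__main__":
    for label, seen in zip(("without ECH", "with ECH"), demo()):
        print(f"{label}: observer sees SNI={seen['sni']!r}, ech={seen['ech']}")
```

Run as a script it reports that the observer reads `secret.example` from the first record, but only `public.example` plus the presence of an ECH extension from the second. With ECH, that public name is shared by every site behind the same front-end, which is what stops the observer from telling which one the user actually asked for.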
Most of the time revealing what sites you visit doesn’t matter much. But we can all imagine times when we’d rather not have the sites we visit connected to us. For people whose internet access is actively monitored and controlled, perhaps by a repressive government, ECH could be a vitally important protection. Indeed, there have been reports of governments pre-emptively blocking sites that have ECH enabled. As the standard becomes widely adopted, it becomes harder to censor the internet.
Please join us in thanking Stephen Farrell who implemented ECH as a part of the DEfO project. He spoke about the process at the OpenSSL Conference.