---
_id: '60503'
abstract:
- lang: eng
  text: 'Censors have long censored Transport Layer Security (TLS) traffic by inspecting
    the domain name in the unencrypted Server Name Indication (SNI) extension. By
    encrypting the SNI extension, the Encrypted ClientHello (ECH) prevents censors
    from blocking TLS traffic to certain domains. Despite this promising outlook,
    ECH’s current capability to contest TLS censorship is unclear; for instance, Russia
    has started censoring ECH connections successfully. This paper clarifies ECH’s
    current role for TLS censorship. To this end, we evaluate servers’ support for
    ECH and its analysis and subsequent blocking by censors. We determine Cloudflare
    as the only major provider supporting ECH. Additionally, we affirm previously
    known ECH censorship in Russia and uncover indirect censorship of ECH through
    encrypted DNS censorship in China and Iran. Our findings suggest that ECH’s contribution
    to censorship circumvention is currently limited: we consider ECH’s dependence
    on encrypted DNS especially challenging for ECH’s capability to circumvent censorship.
    We stress the importance of censorship-resistant ECH to solve the long-known problem
    of SNI-based TLS censorship.'
author:
- first_name: Niklas
  full_name: Niere, Niklas
  id: '63563'
  last_name: Niere
- first_name: Felix
  full_name: Lange, Felix
  id: '67893'
  last_name: Lange
- first_name: Nico
  full_name: Heitmann, Nico
  id: '74619'
  last_name: Heitmann
  orcid: 0009-0003-7687-7044
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
citation:
  ama: 'Niere N, Lange F, Heitmann N, Somorovsky J. Encrypted Client Hello (ECH) in
    Censorship Circumvention. In: ; 2025.'
  apa: Niere, N., Lange, F., Heitmann, N., &#38; Somorovsky, J. (2025). <i>Encrypted
    Client Hello (ECH) in Censorship Circumvention</i>. Free and Open Communications
    on the Internet, Washington, D.C.
  bibtex: '@inproceedings{Niere_Lange_Heitmann_Somorovsky_2025, title={Encrypted Client
    Hello (ECH) in Censorship Circumvention}, author={Niere, Niklas and Lange, Felix
    and Heitmann, Nico and Somorovsky, Juraj}, year={2025} }'
  chicago: Niere, Niklas, Felix Lange, Nico Heitmann, and Juraj Somorovsky. “Encrypted
    Client Hello (ECH) in Censorship Circumvention,” 2025.
  ieee: N. Niere, F. Lange, N. Heitmann, and J. Somorovsky, “Encrypted Client Hello
    (ECH) in Censorship Circumvention,” presented at the Free and Open Communications
    on the Internet, Washington, D.C., 2025.
  mla: Niere, Niklas, et al. <i>Encrypted Client Hello (ECH) in Censorship Circumvention</i>.
    2025.
  short: 'N. Niere, F. Lange, N. Heitmann, J. Somorovsky, in: 2025.'
conference:
  end_date: 2025-07-14
  location: Washington, D.C.
  name: Free and Open Communications on the Internet
  start_date: 2025-07-14
date_created: 2025-07-03T07:14:00Z
date_updated: 2025-10-23T14:26:38Z
ddc:
- '006'
file:
- access_level: open_access
  content_type: application/pdf
  creator: nniklas
  date_created: 2025-07-03T07:11:14Z
  date_updated: 2025-10-23T14:26:38Z
  file_id: '60505'
  file_name: foci-2025-0016.pdf
  file_size: 755171
  relation: main_file
file_date_updated: 2025-10-23T14:26:38Z
has_accepted_license: '1'
keyword:
- censorship
- circumvention
- ECH
- TLS
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://www.petsymposium.org/foci/2025/foci-2025-0016.pdf
oa: '1'
status: public
title: Encrypted Client Hello (ECH) in Censorship Circumvention
type: conference
user_id: '63563'
year: '2025'
...
---
_id: '57816'
abstract:
- lang: eng
  text: "TLS-Attacker is an open-source framework for analyzing Transport\r\nLayer
    Security (TLS) implementations. The framework allows users\r\nto specify custom
    protocol flows and provides modification hooks to\r\nmanipulate message contents.
    Since its initial publication in 2016 by\r\nJuraj Somorovsky, TLS-Attacker has
    been used in numerous studies\r\npublished at well-established conferences and
    helped to identify\r\nvulnerabilities in well-known open-source TLS libraries.
    To enable\r\nautomated analyses, TLS-Attacker has grown into a suite of projects,\r\neach
    designed as a building block that can be applied to facilitate\r\nvarious analysis
    methodologies. The framework still undergoes\r\ncontinuous improvements with feature
    extensions, such as DTLS\r\n1.3 or the addition of new dialects such as QUIC,
    to continue its\r\neffectiveness and relevancy as a security analysis framework."
author:
- first_name: Fabian
  full_name: Bäumer, Fabian
  last_name: Bäumer
- first_name: Marcus
  full_name: Brinkmann, Marcus
  last_name: Brinkmann
- first_name: Nurullah
  full_name: Erinola, Nurullah
  last_name: Erinola
- first_name: Sven Niclas
  full_name: Hebrok, Sven Niclas
  id: '55616'
  last_name: Hebrok
  orcid: 0009-0006-1172-1665
- first_name: Nico
  full_name: Heitmann, Nico
  id: '74619'
  last_name: Heitmann
  orcid: 0009-0003-7687-7044
- first_name: Felix
  full_name: Lange, Felix
  id: '67893'
  last_name: Lange
- first_name: Marcel
  full_name: Maehren, Marcel
  last_name: Maehren
- first_name: Robert
  full_name: Merget, Robert
  last_name: Merget
- first_name: Niklas
  full_name: Niere, Niklas
  id: '63563'
  last_name: Niere
- first_name: Maximilian Manfred
  full_name: Radoy, Maximilian Manfred
  id: '68826'
  last_name: Radoy
  orcid: 0009-0005-3059-6823
- first_name: Conrad
  full_name: Schmidt, Conrad
  last_name: Schmidt
- first_name: Jörg
  full_name: Schwenk, Jörg
  last_name: Schwenk
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
citation:
  ama: 'Bäumer F, Brinkmann M, Erinola N, et al. TLS-Attacker: A Dynamic Framework
    for Analyzing TLS Implementations. In: <i>Proceedings of Cybersecurity Artifacts
    Competition and Impact Award (ACSAC ’24)</i>. ; 2024.'
  apa: 'Bäumer, F., Brinkmann, M., Erinola, N., Hebrok, S. N., Heitmann, N., Lange,
    F., Maehren, M., Merget, R., Niere, N., Radoy, M. M., Schmidt, C., Schwenk, J.,
    &#38; Somorovsky, J. (2024). TLS-Attacker: A Dynamic Framework for Analyzing TLS
    Implementations. <i>Proceedings of Cybersecurity Artifacts Competition and Impact
    Award (ACSAC ’24)</i>. Annual Computer Security Applications Conference, Hawaii.'
  bibtex: '@inproceedings{Bäumer_Brinkmann_Erinola_Hebrok_Heitmann_Lange_Maehren_Merget_Niere_Radoy_et
    al._2024, title={TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations},
    booktitle={Proceedings of Cybersecurity Artifacts Competition and Impact Award
    (ACSAC ’24)}, author={Bäumer, Fabian and Brinkmann, Marcus and Erinola, Nurullah
    and Hebrok, Sven Niclas and Heitmann, Nico and Lange, Felix and Maehren, Marcel
    and Merget, Robert and Niere, Niklas and Radoy, Maximilian Manfred and et al.},
    year={2024} }'
  chicago: 'Bäumer, Fabian, Marcus Brinkmann, Nurullah Erinola, Sven Niclas Hebrok,
    Nico Heitmann, Felix Lange, Marcel Maehren, et al. “TLS-Attacker: A Dynamic Framework
    for Analyzing TLS Implementations.” In <i>Proceedings of Cybersecurity Artifacts
    Competition and Impact Award (ACSAC ’24)</i>, 2024.'
  ieee: 'F. Bäumer <i>et al.</i>, “TLS-Attacker: A Dynamic Framework for Analyzing
    TLS Implementations,” presented at the Annual Computer Security Applications Conference,
    Hawaii, 2024.'
  mla: 'Bäumer, Fabian, et al. “TLS-Attacker: A Dynamic Framework for Analyzing TLS
    Implementations.” <i>Proceedings of Cybersecurity Artifacts Competition and Impact
    Award (ACSAC ’24)</i>, 2024.'
  short: 'F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange,
    M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky,
    in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC
    ’24), 2024.'
conference:
  end_date: 2024-12-13
  location: Hawaii
  name: Annual Computer Security Applications Conference
  start_date: 2024-12-09
date_created: 2024-12-17T11:25:14Z
date_updated: 2025-02-27T08:02:30Z
department:
- _id: '632'
keyword:
- SSL
- TLS
- DTLS
- Protocol State Fuzzing
- Planning Based
language:
- iso: eng
publication: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC
  ’24)
quality_controlled: '1'
status: public
title: 'TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations'
type: conference
user_id: '67893'
year: '2024'
...
