Encrypted Client Hello (ECH) in Censorship Circumvention

N. Niere, F. Lange, N. Heitmann, J. Somorovsky, in: 2025.

Download
Restricted foci-2025-0016.pdf 755.17 KB
Conference Paper | English
Abstract
Censors have long censored Transport Layer Security (TLS) traffic by inspecting the domain name in the unencrypted Server Name Indication (SNI) extension. By encrypting the SNI extension, the Encrypted ClientHello (ECH) prevents censors from blocking TLS traffic to certain domains. Despite this promising outlook, ECH’s current capability to contest TLS censorship is unclear; for instance, Russia has started censoring ECH connections successfully. This paper clarifies ECH’s current role for TLS censorship. To this end, we evaluate servers’ support for ECH and its analysis and subsequent blocking by censors. We determine Cloudflare as the only major provider supporting ECH. Additionally, we affirm previously known ECH censorship in Russia and uncover indirect censorship of ECH through encrypted DNS censorship in China and Iran. Our findings suggest that ECH’s contribution to censorship circumvention is currently limited: we consider ECH’s dependence on encrypted DNS especially challenging for ECH’s capability to circumvent censorship. We stress the importance of censorship-resistant ECH to solve the long-known problem of SNI-based TLS censorship.
Publishing Year
Conference
Free and Open Communications on the Internet
Conference Location
Washington, D.C.
Conference Date
2025-07-14 – 2025-07-14
LibreCat-ID

Cite this

Niere N, Lange F, Heitmann N, Somorovsky J. Encrypted Client Hello (ECH) in Censorship Circumvention. In: ; 2025.
Niere, N., Lange, F., Heitmann, N., & Somorovsky, J. (2025). Encrypted Client Hello (ECH) in Censorship Circumvention. Free and Open Communications on the Internet, Washington, D.C.
@inproceedings{Niere_Lange_Heitmann_Somorovsky_2025, title={Encrypted Client Hello (ECH) in Censorship Circumvention}, author={Niere, Niklas and Lange, Felix and Heitmann, Nico and Somorovsky, Juraj}, year={2025} }
Niere, Niklas, Felix Lange, Nico Heitmann, and Juraj Somorovsky. “Encrypted Client Hello (ECH) in Censorship Circumvention,” 2025.
N. Niere, F. Lange, N. Heitmann, and J. Somorovsky, “Encrypted Client Hello (ECH) in Censorship Circumvention,” presented at the Free and Open Communications on the Internet, Washington, D.C., 2025.
Niere, Niklas, et al. Encrypted Client Hello (ECH) in Censorship Circumvention. 2025.
All files available under the following license(s):
Creative Commons Attribution 4.0 International Public License (CC-BY 4.0):
Main File(s)
File Name
foci-2025-0016.pdf 755.17 KB
Access Level
Restricted Closed Access
Last Uploaded
2025-07-03T07:11:14Z


Link(s) to Main File(s)
Access Level
Restricted Closed Access

Export

Marked Publications

Open Data LibreCat

Search this title in

Google Scholar