Mozilla is strengthening the privacy protections in Firefox with the implementation of Encrypted Client Hello (ECH), an evolutionary step from Encrypted Server Name Indication (ESNI).
In 2018, just after Cloudflare turned on Encrypted SNI, Mozilla added support for encrypting the Transport Layer Security (TLS) SNI extension to Firefox Nightly.
While aiming to better protect against eavesdropping, SNI was found to leak the identity of visited websites during the initial TLS handshake. An extension to TLS 1.3 and above, ESNI was meant to address the data leakage through replacing the SNI extension in Client Hello with an encrypted variant. Client Hello is the first message exchanged in the TLS handshake process.
Only encrypting the SNI extension, however, was found to deliver incomplete protection, while ESNI’s use in the real-world was deemed challenging from both interoperability and deployment perspectives, thus preventing it from being widely adopted.
ECH aims to address the issue with ESNI by encrypting the entire Client Hello message, instead of only the SNI extension. The modification was added to the recent versions of the ESNI specification and was also accompanied by a change in name.
By encrypting the entire handshake, ECH keeps metadata secret, thus protecting the SNI from eavesdroppers on the network. Additionally, it ensures that more security features and improvements can be added to TLS with minimum impact on user privacy, Cloudflare explains.
With the new privacy feature enabled, Firefox ensures that an encrypted “ClientHelloInner” is used for the TLS handshake when connecting to a server that supports ECH. The “ClientHelloInner” is an extension to the unencrypted “ClientHelloOuter.”
While working with Cloudflare to have the ECH specification standardized at the IETF, Mozilla is also moving forth with implementing the feature in its browser. Thus, Firefox 85 will switch from ESNI to ECH draft-08, but users should expect an update to draft-09 soon.
For those who have enabled ESNI in Firefox, the about:config option for ESNI is gone, but they can manually enable ECH before it becomes default, by heading to about:config. ECH, however, will only be used with servers that support it.
“While ECH is under active development, its availability may be intermittent as it requires both the client and server to support the same version. As always, settings exposed only under about:config are considered experimental and subject to change,” Mozilla points out.
Related: Mozilla Brings Encrypted SNI to Firefox Nightly
Related: DNS-over-HTTPS Coming to Firefox