Encrypted Client Hello

[makeworld]

If I host my website on a VPS, is ECH possible? Seems like it's only useful when IP addresses are shared across a bunch of sites.

[dilyevsky]

Yes, but if you use dedicated IP it is kind of like pointless. If you use shared IP of your VPS provider (or Cloudflare) then yes fr

[politelemon]

If I'm understanding the draft correctly, I think the webserver you're hosting your sites on would need it implemented as it requires private keys and ECH configuration. In the example of nginx since it uses openssl, openssl would need to implement it. I found an issue on their Github but it's still open: https://github.com/openssl/openssl/issues/7482

[cosmosgenius]

ECH can be enabled depending on the Terminating TLS server used. (not sure which one implements it now) But you are right in the sense its used for multiple sites to one IP. Essentially ECH is protection for SNI, ALPN, which are plaintext in non-ECH.