Skip to content
@defo-project

DEfO Project

Developing ECH for OpenSSL
README.md

Developing ECH for OpenSSL (DEfO)

The encrypted ClientHello (ECH) mechanism (RFC 9849) is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol that's used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project has developed an implementation of ECH for OpenSSL, and proof-of-concept implementations of various clients and servers that use OpenSSL as a demonstration and for interoperability testing. DEfO is funded by the Open Technology Fund (OTF). Tolerant Networks Ltd. and people from the Guardian Project are doing the work in DEfO.

This organisation is where we keep our various ECH-enabled code repos and our ech-dev-utils repo that has HOWTOs, test scripts and other ancillary ECH developer content. That's the place to start if you want to play with these ECH-enabled packages.

Builder/CI status for repos

The ECH APIs used in these repos are those agreed with OpenSSL maintainers, which will be part of the OpenSSL 4.0 release, and (other than for split-mode ECH) have been upstreamed into the OpenSSL master branch.

For each of these ECH-enabled repos, we've added a 'builder' workflow (run daily and after a push) that attempts to merge our code with the latest upstream and that then does a build and a basic test. We expect these to fail from time to time as changes occur in the upstream packages. When that happens, there's a red badge below and we usually fix those within a couple of days by rebasing the repos here with the relevant upstream. Note that a red badge doesn't mean that our ECH-enabled code is broken, just that some manual intervention is needed to bring us back up to the bleeding edge with the upstream package.

We have now upstreamed ECH shared-mode code to the OpenSSL project and we've also upstreamed ECH code to curl, lighttpd, apache2, haproxy and nginx.

For openssl, haproxy and nginx, our ECH shared-mode code has been upstreamed, but our defo-project repos also support ECH split-mode so we also have a daily check that those build and pass the basic ECH test.

As of 2026-03-04 a number of the CI builds are failing as there are some interface changes in OpenSSL 4.0 (unrelated to ECH) that cause breakage. We expect those to be resolved in the coming days/weeks as other upstream packages test the alpha release of OpenSSL 4.0.

Packages with our ECH code yet to be upstreamed:

Package 'Builder' status Details
python python packages.yaml workflow link

For packages where our ECH code has already been upstreamed, we also have a daily check that those build and pass a basic ECH test:

Package 'Builder' status Details
openssl openssl packages.yaml workflow link
apache-httpd apache-httpd packages.yaml workflow link
curl curl packages.yaml workflow link
lighttpd1.4 lighttpd packages.yaml workflow link
haproxy haproxy packages.yaml workflow link
nginx nginx packages.yaml workflow link

Popular repositories Loading

  1. defo-ech-apps defo-ech-apps Public

    a demo fork of F-Droid that uses TLS ECH by default

    Java 20 5

  2. ech-dev-utils ech-dev-utils Public

    Scripts, configurations and HOWTOs for playing with Encrypted ClientHello (ECH)

    Shell 9 7

  3. openssl openssl Public

    Forked from openssl/openssl

    a fork to implement TLS Encrypted ClientHello (ECH) in OpenSSL

    C 5 2

  4. EchInteropTest EchInteropTest Public

    simple Android app to test Conscrypt-ECH

    Java 3

  5. nginx nginx Public

    Forked from nginx/nginx

    a fork to implement TLS Encrypted ClientHello (ECH) in nginx

    C 3

  6. apache-httpd apache-httpd Public

    Forked from apache/httpd

    a fork to implement TLS Encrypted ClientHello (ECH) in Apache HTTP Server

    C 1

Repositories

Showing 10 of 14 repositories
View all repositories

Most used topics

Loading…