Skip to main content

ECH

  • 加密 SNI - ESNI -> ECH - Encrypted Client Hello - 加密 Client Hello
  • 依赖 HTTPS DNS 记录
caution
# 国内被拦截
dig tls-ech.dev HTTPS +short

# 通过 sni 判断是否走的 ECH
curl https://wener.me/cdn-cgi/trace

# https://github.com/curl/curl/blob/master/docs/ECH.md
curl --ech true --doh-url https://cloudflare-dns.com/dns-query https://wener.me/cdn-cgi/trace

# 需要代理
curl -s -H 'accept: application/dns+json' 'https://dns.google.com/resolve?name=tls-ech.dev&type=HTTPS' | jq '.Answer[].data' -r
1 . ech=AEn+DQBFKwAgACABWIHUGj4u+PIggYXcR5JF0gYk3dCRioBW8uJq9H4mKAAIAAEAAQABAANAEnB1YmxpYy50bHMtZWNoLmRldgAA