Encrypted Client Hello (ECH) support
NetScaler supports Encrypted Client Hello (ECH) on the front end. ECH is a privacy-enhancing extension to the TLS 1.3 protocol. Traditionally, the Server Name Indication (SNI) is sent unencrypted during the initial TLS handshake, which allows network observers to track your browsing activity.
When ECH is enabled, the SNI is encrypted, making it more difficult for Internet Service Providers (ISPs) or public Wi-Fi operators to track the websites you visit. This enhancement provides several key benefits:
- Stronger user privacy: Your browsing activity is confidential.
- Improved security: Reduces the potential for profiling and targeted attacks based on observed browsing habits.
- Potential for accessing restricted content: In some cases, ECH can help bypass network-level website blocking that relies on SNI inspection.
Prerequisites
- Generate a public and private key pair for HPKE, either externally or by running the following OpenSSL command:
openssl genpkey -algorithm x25519 -outform DER -out ech_hpke.key
- Store the generated HPKE private key in the /nsconfig/ssl directory.
- Ensure that your DNS provider supports HTTPS records (a type of SVCB record) to host the ECH configuration, including the HPKE public key.
Configure ECH by using the CLI
- Add an HPKE key file.
add ssl hpkeKey <name> -file <keyfile> -dhKEM X_25519
- Enable ECH on the SSL profile.
set ssl profile <profile> -encryptedClientHello ENABLED
- Add the ECH configuration.
add ssl echConfig <name> -ECHcipher <cipher> -hpkeKeyName <hpkekey> -version <version> -ECHPublicName <fqdn> -ECHconfigId <configid>
- Bind the ECH configuration to the SSL profile.
bind ssl profile <profile> -ECHconfigName <echconfig>
Note:
Once the ECH configuration is bound to the SSL profile, bind that SSL profile to the SSL virtual server.
Example:
add ssl hpkeKey h1 -file hpke.key -dhKEM X_25519
set ssl profile p1 -encryptedClientHello ENABLED
add ssl echConfig ech_conf -ECHcipher AES128-GCM-HKDFSHA256 -hpkeKeyName h1 -ECHPublicName abc.com -ECHconfigId 1 -version 65037
bind ssl profile p1 -ECHconfigName ech_conf
set ssl vserver v1 -sslProfile p1
show ssl profile p1
Name: p1 (Front-End)
SSLv3: DISABLED TLSv1.0: ENABLED TLSv1.1: ENABLED TLSv1.2: ENABLED TLSv1.3: ENABLED
Client Auth: DISABLED
Use only bound CA certificates: DISABLED
Strict CA checks: NO
Session Reuse: ENABLED Timeout: 120 seconds
DH: DISABLED
DH Private-Key Exponent Size Limit: DISABLED Ephemeral RSA: ENABLED Refresh Count: 0
Deny SSL Renegotiation ALL
Non FIPS Ciphers: DISABLED
Cipher Redirect: DISABLED
SSL Redirect: DISABLED
Send Close-Notify: YES
Strict Sig-Digest Check: DISABLED
Zero RTT Early Data: DISABLED
DHE Key Exchange With PSK: NO
Tickets Per Authentication Context: 1
Push Encryption Trigger: Always
PUSH encryption trigger timeout: 1 ms
SNI: DISABLED
OCSP Stapling: DISABLED
Strict Host Header check for SNI enabled SSL sessions: NO
Match HTTP Host header with SNI: CERT
Push flag: 0x0 (Auto)
SSL quantum size: 8 kB
Encryption trigger timeout 100 mS
Encryption trigger packet count: 45
Subject/Issuer Name Insertion Format: Unicode
SSL Interception: DISABLED
SSL Interception OCSP Check: ENABLED
SSL Interception End to End Renegotiation: ENABLED
SSL Interception Maximum Reuse Sessions per Server: 10
Session Ticket: DISABLED
HSTS: DISABLED
HSTS IncludeSubDomains: NO
HSTS Max-Age: 0
HSTS Preload: NO
Allow Extended Master Secret: NO
Send ALPN Protocol: NONE
Encrypted Client Hello: ENABLED
SSL Client Logs: DISABLED
Done
show ssl vserver v1
Advanced SSL configuration for VServer v1:
Profile Name :p1
1) CertKey Name: ns1 Server Certificate
Done
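The ECH configuration that NetScaler serves has to be published to clients as an ECHConfigList in the ech= parameter of the HTTPS (SVCB) record mentioned under Prerequisites. The following Python is an added example, not NetScaler code or part of this document: it serializes an ECHConfigList with the same parameters as the CLI example above (version 65037, that is 0xfe0d; config ID 1; public name abc.com; an X25519 HPKE key; HKDF-SHA256 with AES-128-GCM, which is the assumed meaning of AES128-GCM-HKDFSHA256), base64-encodes it for the DNS record, and parses a published value back so you can check that what your DNS provider returns matches what is bound on the appliance. The 32-byte public key is a constructed placeholder; in a real deployment it is the public half of the key produced by the openssl command in the Prerequisites. The wire layout follows draft-ietf-tls-esni; the function and constant names are this example's own.

```python
import base64
import struct

# Code points from RFC 9180 (HPKE) and draft-ietf-tls-esni (ECH).
ECH_VERSION_DRAFT13 = 0xFE0D            # decimal 65037, the -version value in the CLI example
KEM_DHKEM_X25519_HKDF_SHA256 = 0x0020   # corresponds to -dhKEM X_25519
KDF_HKDF_SHA256 = 0x0001                # the HKDFSHA256 half of AES128-GCM-HKDFSHA256 (assumed mapping)
AEAD_AES_128_GCM = 0x0001               # the AES128-GCM half (assumed mapping)

# Constructed placeholder: a 32-byte X25519 public key. A real deployment uses
# the public half of the key generated with `openssl genpkey -algorithm x25519`.
SAMPLE_PUBLIC_KEY = bytes(range(1, 33))


def encode_ech_config(config_id, public_key, public_name, cipher_suites,
                      max_name_len=0, version=ECH_VERSION_DRAFT13):
    """Serialize one ECHConfig (0xfe0d layout) carrying no extensions."""
    if not 0 <= config_id <= 255:
        raise ValueError("config_id must fit in one byte")
    if not 1 <= len(public_key) <= 0xFFFF:
        raise ValueError("public_key length out of range")
    name = public_name.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("public_name must be 1..255 bytes")
    suites = b"".join(struct.pack("!HH", kdf, aead) for kdf, aead in cipher_suites)
    contents = (
        struct.pack("!BH", config_id, KEM_DHKEM_X25519_HKDF_SHA256)
        + struct.pack("!H", len(public_key)) + bytes(public_key)
        + struct.pack("!H", len(suites)) + suites      # cipher_suites<4..2^16-4>
        + struct.pack("!B", max_name_len)
        + struct.pack("!B", len(name)) + name          # public_name<1..255>
        + struct.pack("!H", 0)                         # empty extensions vector
    )
    return struct.pack("!HH", version, len(contents)) + contents


def encode_ech_config_list(configs):
    """Prefix concatenated ECHConfig values with the ECHConfigList length."""
    body = b"".join(configs)
    return struct.pack("!H", len(body)) + body


def ech_dns_value(config_list):
    """Base64 form of the list, as published in the HTTPS record's ech= parameter."""
    return base64.b64encode(config_list).decode("ascii")


def _need(buf, pos, n):
    """Bounds-checked slice for the parser: raise instead of silently truncating."""
    if pos + n > len(buf):
        raise ValueError("truncated ECHConfigList")
    return buf[pos:pos + n]


def _decode_contents(version, c):
    config_id, kem_id, pk_len = struct.unpack("!BHH", _need(c, 0, 5))
    p = 5
    public_key = _need(c, p, pk_len); p += pk_len
    suites_len = struct.unpack("!H", _need(c, p, 2))[0]; p += 2
    if suites_len < 4 or suites_len % 4:
        raise ValueError("cipher_suites length must be a non-zero multiple of 4")
    raw = _need(c, p, suites_len); p += suites_len
    suites = [struct.unpack("!HH", raw[i:i + 4]) for i in range(0, suites_len, 4)]
    max_name_len = _need(c, p, 1)[0]; p += 1
    name_len = _need(c, p, 1)[0]; p += 1
    public_name = _need(c, p, name_len).decode("ascii"); p += name_len
    ext_len = struct.unpack("!H", _need(c, p, 2))[0]; p += 2
    extensions = _need(c, p, ext_len); p += ext_len
    if p != len(c):
        raise ValueError("trailing bytes inside ECHConfig")
    return {"version": version, "config_id": config_id, "kem_id": kem_id,
            "public_key": public_key, "cipher_suites": suites, "max_name_len": max_name_len,
            "public_name": public_name, "extensions": extensions}


def decode_ech_config_list(data):
    """Parse an ECHConfigList; configs with an unknown version are skipped, as clients must."""
    total = struct.unpack("!H", _need(data, 0, 2))[0]
    if total != len(data) - 2:
        raise ValueError("ECHConfigList length does not match the data")
    pos, configs = 2, []
    while pos < len(data):
        version, length = struct.unpack("!HH", _need(data, pos, 4)); pos += 4
        contents = _need(data, pos, length); pos += length
        if version == ECH_VERSION_DRAFT13:
            configs.append(_decode_contents(version, contents))
    return configs


def parse_ech_dns_value(b64):
    """Decode an ech= value taken from an HTTPS record and parse it."""
    return decode_ech_config_list(base64.b64decode(b64))


def build_example():
    """ECHConfigList matching the CLI example: config ID 1, public name abc.com."""
    cfg = encode_ech_config(1, SAMPLE_PUBLIC_KEY, "abc.com",
                            [(KDF_HKDF_SHA256, AEAD_AES_128_GCM)])
    return encode_ech_config_list([cfg])


if __name__ == "__main__":
    record = ech_dns_value(build_example())
    print("HTTPS record parameter: ech=" + record)
    print(parse_ech_dns_value(record)[0]["public_name"])
```

Run it to print the ech= value to publish for the example configuration; to verify a live deployment, pass the ech= value returned by your DNS provider to parse_ech_dns_value and compare the config ID, public name, and public key with what is bound on the appliance. The parser rejects truncated or over-long input and skips configs whose version is not 0xfe0d rather than failing, which is the behaviour clients apply to a list that mixes versions.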
Configure ECH by using the GUI
- Navigate to Traffic Management > SSL > HPKE Keys.
- Click Add.
- On the Add HPKE Key page, type the key details.
- Navigate to Traffic Management > SSL > ECH.
- On the Encrypted Client Hello Configuration page, click Add.
- On the Add ECH Configuration page, add the ECH configuration details.
- Navigate to System > Profiles > SSL Profiles.
- Select the profile with the ECH configuration, and click Edit.
- Select Encrypted Client Hello.
- On the SSL Profiles page, navigate to Advanced Settings > ECH Configuration.
- On the ECH Configuration Binding page, select the ECH configuration name.
- Click BIND.
Note:
Once the ECH configuration is bound to the SSL profile, bind that SSL profile to the SSL virtual server.
Limitations
- ECH is not compatible with HTTP_QUIC virtual servers.
- ECH does not function with the Hello Retry Request mechanism in TLS 1.3 handshakes.
- ECH does not support the Pre-Shared Key (PSK) method for key exchange.
- ECH is supported only on the front end of VPX, MPX, and SDX appliances, not on the back end (connections to servers).