Encrypted Client Hello (ECH) support

NetScaler supports Encrypted Client Hello (ECH) on the front end. ECH is a privacy-enhancing extension to TLS 1.3. Traditionally, the Server Name Indication (SNI) is sent in clear text during the initial TLS handshake, which allows network observers to track your browsing activity.

When ECH is enabled, the SNI is encrypted, making it more difficult for Internet Service Providers (ISPs) or public Wi-Fi operators to track the websites you visit. This enhancement provides several key benefits:

  • Stronger user privacy: Your browsing activity is confidential.
  • Improved security: Reduces the potential for profiling and targeted attacks based on observed browsing habits.
  • Potential for accessing restricted content: In some cases, ECH can help bypass network-level website blocking that relies on SNI inspection.

Prerequisites

  1. Generate a public and private key pair for HPKE, either externally or by running the following OpenSSL command:

openssl genpkey -algorithm x25519 -outform DER -out ech_hpke.key

  2. Store the generated HPKE private key in the /nsconfig/ssl directory.

  3. Ensure that your DNS provider supports HTTPS records (a type of SVCB record) to host the ECH configuration, including the HPKE public key.

Configure ECH by using the CLI

  1. Add an HPKE key file.

add ssl hpkeKey <name> -file <keyfile> -dhKEM X_25519

  2. Enable ECH on the SSL profile.

set ssl profile <profile> -encryptedClientHello ENABLED

  3. Add the ECH configuration.

add ssl echConfig <name> -ECHcipher <cipher> -hpkeKeyName <hpkekey> -version <version> -ECHPublicName <fqdn> -ECHconfigId <configid>

  4. Bind the ECH configuration to the SSL profile.

bind ssl profile <profile> -ECHconfigName <echconfig>

Note:

Once the ECH configuration is bound to the SSL profile, bind that SSL profile to the SSL virtual server.

Example:

add ssl hpkeKey h1 -file hpke.key -dhKEM X_25519
set ssl profile p1 -encryptedClientHello ENABLED
add ssl echConfig ech_conf -ECHcipher AES128-GCM-HKDFSHA256 -hpkeKeyName h1 -ECHPublicName abc.com -ECHconfigId 1 -version 65037
bind ssl profile p1 -ECHconfigName ech_conf
set ssl vserver v1 -sslProfile p1

show ssl profile p1

 Name: p1        (Front-End)
        SSLv3: DISABLED TLSv1.0: ENABLED  TLSv1.1: ENABLED  TLSv1.2: ENABLED  TLSv1.3: ENABLED
        Client Auth: DISABLED
        Use only bound CA certificates: DISABLED
        Strict CA checks:               NO
        Session Reuse: ENABLED          Timeout: 120 seconds
        DH: DISABLED
        DH Private-Key Exponent Size Limit: DISABLED    Ephemeral RSA: ENABLED          Refresh Count: 0
        Deny SSL Renegotiation          ALL
        Non FIPS Ciphers: DISABLED
        Cipher Redirect: DISABLED
        SSL Redirect: DISABLED
        Send Close-Notify: YES
        Strict Sig-Digest Check: DISABLED
        Zero RTT Early Data: DISABLED
        DHE Key Exchange With PSK: NO
        Tickets Per Authentication Context: 1
        Push Encryption Trigger: Always
        PUSH encryption trigger timeout:        1 ms
        SNI: DISABLED
        OCSP Stapling: DISABLED
        Strict Host Header check for SNI enabled SSL sessions:          NO
        Match HTTP Host header with SNI:                CERT
        Push flag:      0x0 (Auto)
        SSL quantum size:               8 kB
        Encryption trigger timeout      100 mS
        Encryption trigger packet count:        45
        Subject/Issuer Name Insertion Format:   Unicode

        SSL Interception: DISABLED
        SSL Interception OCSP Check: ENABLED
        SSL Interception End to End Renegotiation: ENABLED
        SSL Interception Maximum Reuse Sessions per Server:     10
        Session Ticket: DISABLED
        HSTS: DISABLED
        HSTS IncludeSubDomains: NO
        HSTS Max-Age: 0
        HSTS Preload: NO
        Allow Extended Master Secret: NO
        Send ALPN Protocol: NONE
        Encrypted Client Hello: ENABLED
        SSL Client Logs: DISABLED

 Done

show ssl vserver v1

Advanced SSL configuration for VServer v1:
        Profile Name :p1
1)      CertKey Name: ns1       Server Certificate
 Done

Configure ECH by using the GUI

  1. Navigate to Traffic Management > SSL > HPKE Keys.
  2. Click Add.
  3. On the Add HPKE Key page, type the key details.
  4. Navigate to Traffic Management > SSL > ECH.
  5. On the Encrypted Client Hello Configuration page, click Add.
  6. On the Add ECH Configuration page, add the ECH configuration details.
  7. Navigate to System > Profiles > SSL Profiles.
  8. Select the profile with the ECH configuration and click Edit.
  9. Select Encrypted Client Hello.
  10. On the SSL Profiles page, navigate to Advanced Settings > ECH Configuration.
  11. On the ECH Configuration Binding page, select the ECH configuration name.
  12. Click BIND.

Note:

Once the ECH configuration is bound to the SSL profile, bind that SSL profile to the SSL virtual server.

Limitations

  • ECH is not compatible with HTTP_QUIC virtual servers.
  • ECH does not function with the HelloRetryRequest mechanism in TLS 1.3 handshakes.
  • ECH does not support the Pre-Shared Key (PSK) method for key exchange.
  • ECH is supported only on the front end of VPX, MPX, and SDX appliances, not on back-end servers.