
Encrypted Client Hello (ECH) support

NetScaler provides support for Encrypted Client Hello (ECH) on the front end. ECH is a privacy-enhancing extension to the TLS 1.3 protocol. Traditionally, the Server Name Indication (SNI) is sent unencrypted during the initial TLS handshake, which allows network observers to see which host names you connect to.

When ECH is enabled, the SNI is encrypted, making it more difficult for Internet Service Providers (ISPs) or public Wi-Fi operators to track the websites you visit. This enhancement provides several key benefits:

  • Stronger user privacy: Your browsing activity is confidential.
  • Improved security: Reduces the potential for profiling and targeted attacks based on observed browsing habits.
  • Potential for accessing restricted content: In some cases, ECH can help bypass network-level website blocking that relies on SNI inspection.

Prerequisites

  1. Generate a public and private key pair for HPKE, either externally or by running the following OpenSSL command:
openssl genpkey -algorithm x25519 -outform DER -out ech_hpke.key
  2. Store the generated HPKE private key in the /nsconfig/ssl directory.
  3. Ensure that your DNS provider supports HTTPS records (a type of SVCB record) to host the ECH configuration, including the HPKE public key.

Configure ECH by using the CLI

  1. Add an HPKE key file.

add ssl hpkeKey <name> -file <keyfile> -dhKEM X_25519

  2. Enable ECH on the SSL profile.

set ssl profile <profile> -encryptedClientHello ENABLED

  3. Add the ECH configuration.

add ssl echConfig <name> -ECHcipher <cipher> -hpkeKeyName <hpkekey> -version <version> -ECHPublicName <fqdn> -ECHconfigId <configid>

  4. Bind the ECH configuration to the SSL profile.

bind ssl profile <profile> -ECHconfigName <echconfig>

Note:

Once the ECH configuration is bound to the SSL profile, bind that SSL profile to the SSL virtual server.

Example:

add ssl hpkeKey h1 -file hpke.key -dhKEM X_25519
set ssl profile p1 -encryptedClientHello ENABLED
add ssl echConfig ech_conf -ECHcipher AES128-GCM-HKDFSHA256 -hpkeKeyName h1 -ECHPublicName abc.com -ECHconfigId 1 -version 65037
bind ssl profile p1 -ECHconfigName ech_conf
set ssl vserver v1 -sslProfile p1

show ssl profile p1
Name: p1 (Front-End)
SSLv3: DISABLED TLSv1.0: ENABLED TLSv1.1: ENABLED TLSv1.2: ENABLED TLSv1.3: ENABLED
Client Auth: DISABLED
Use only bound CA certificates: DISABLED
Strict CA checks: NO
Session Reuse: ENABLED Timeout: 120 seconds
DH: DISABLED
DH Private-Key Exponent Size Limit: DISABLED Ephemeral RSA: ENABLED Refresh Count: 0
Deny SSL Renegotiation ALL
Non FIPS Ciphers: DISABLED
Cipher Redirect: DISABLED
SSL Redirect: DISABLED
Send Close-Notify: YES
Strict Sig-Digest Check: DISABLED
Zero RTT Early Data: DISABLED
DHE Key Exchange With PSK: NO
Tickets Per Authentication Context: 1
Push Encryption Trigger: Always
PUSH encryption trigger timeout: 1 ms
SNI: DISABLED
OCSP Stapling: DISABLED
Strict Host Header check for SNI enabled SSL sessions: NO
Match HTTP Host header with SNI: CERT
Push flag: 0x0 (Auto)
SSL quantum size: 8 kB
Encryption trigger timeout 100 mS
Encryption trigger packet count: 45
Subject/Issuer Name Insertion Format: Unicode
SSL Interception: DISABLED
SSL Interception OCSP Check: ENABLED
SSL Interception End to End Renegotiation: ENABLED
SSL Interception Maximum Reuse Sessions per Server: 10
Session Ticket: DISABLED
HSTS: DISABLED
HSTS IncludeSubDomains: NO
HSTS Max-Age: 0
HSTS Preload: NO
Allow Extended Master Secret: NO
Send ALPN Protocol: NONE
Encrypted Client Hello: ENABLED
SSL Client Logs: DISABLED
Done

show ssl vserver v1
Advanced SSL configuration for VServer v1:
Profile Name :p1
1) CertKey Name: ns1 Server Certificate
Done
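The prerequisites require the ECH configuration, including the HPKE public key, to be published in a DNS HTTPS record. The following Python script is an added example, not NetScaler code and not from this page: it builds the ECHConfigList wire structure (draft-ietf-tls-esni format, version 0xfe0d, which is the 65037 used in the CLI example above) from the values in that example (config id 1, public name abc.com, X25519 DHKEM, AES128-GCM with HKDF-SHA256), parses it back to check the encoding, and prints the base64 value for the record's `ech=` parameter. The function names are hypothetical, the 32-byte public key is a constructed test pattern rather than a real key, and the mapping of NetScaler's X_25519 and AES128-GCM-HKDFSHA256 names to the IANA HPKE codepoints 0x0020, 0x0001 and 0x0001 is assumed.

```python
import base64
import struct

# IANA HPKE identifiers assumed to correspond to the NetScaler parameter
# values X_25519 and AES128-GCM-HKDFSHA256 used in the CLI example.
KEM_X25519_HKDF_SHA256 = 0x0020
KDF_HKDF_SHA256 = 0x0001
AEAD_AES_128_GCM = 0x0001
ECH_VERSION_DRAFT = 0xFE0D  # 65037, the -version value in the CLI example

# Constructed sample key: a real deployment uses the 32-byte X25519 public
# key derived from /nsconfig/ssl/ech_hpke.key, never this test pattern.
SAMPLE_PUBLIC_KEY = bytes(range(32))

# DER prefix of a SubjectPublicKeyInfo holding an X25519 key, as produced by
# "openssl pkey -pubout -outform DER"; the raw key is the trailing 32 bytes.
_X25519_SPKI_PREFIX = bytes.fromhex("302a300506032b656e032100")


def raw_x25519_from_spki_der(spki: bytes) -> bytes:
    """Extract the raw 32-byte public key from an X25519 SubjectPublicKeyInfo."""
    if len(spki) != 44 or not spki.startswith(_X25519_SPKI_PREFIX):
        raise ValueError("not an X25519 SubjectPublicKeyInfo")
    return spki[12:]


def _vec(data: bytes, length_bytes: int) -> bytes:
    """TLS-style length-prefixed vector with a 1- or 2-byte length."""
    return len(data).to_bytes(length_bytes, "big") + data


def build_ech_config_list(public_key: bytes, config_id: int, public_name: str,
                          kem_id: int = KEM_X25519_HKDF_SHA256,
                          cipher_suites=((KDF_HKDF_SHA256, AEAD_AES_128_GCM),),
                          version: int = ECH_VERSION_DRAFT,
                          max_name_len: int = 0) -> bytes:
    """Serialise a single ECHConfig into an ECHConfigList (draft-ietf-tls-esni)."""
    if not 0 <= config_id <= 255:
        raise ValueError("config_id must fit in one byte")
    name = public_name.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("public_name must be 1..255 bytes")
    suites = b"".join(struct.pack("!HH", kdf, aead) for kdf, aead in cipher_suites)
    # HpkeKeyConfig: config_id, kem_id, public_key<1..2^16-1>, cipher_suites<4..2^16-4>
    key_config = struct.pack("!BH", config_id, kem_id) + _vec(public_key, 2) + _vec(suites, 2)
    # ECHConfigContents: key_config, maximum_name_length, public_name<1..255>, extensions
    contents = key_config + bytes([max_name_len]) + _vec(name, 1) + _vec(b"", 2)
    ech_config = struct.pack("!H", version) + _vec(contents, 2)
    return _vec(ech_config, 2)


def parse_ech_config_list(blob: bytes) -> list:
    """Decode an ECHConfigList; configs with an unsupported version are skipped."""
    if int.from_bytes(blob[:2], "big") != len(blob) - 2:
        raise ValueError("ECHConfigList length mismatch")
    pos, configs = 2, []
    while pos < len(blob):
        version, length = struct.unpack("!HH", blob[pos:pos + 4])
        body = blob[pos + 4:pos + 4 + length]
        pos += 4 + length
        if version != ECH_VERSION_DRAFT:
            continue  # clients ignore versions they do not implement
        config_id, kem_id = struct.unpack("!BH", body[:3])
        p = 3
        klen = int.from_bytes(body[p:p + 2], "big"); p += 2
        public_key = body[p:p + klen]; p += klen
        slen = int.from_bytes(body[p:p + 2], "big"); p += 2
        suites = [struct.unpack("!HH", body[i:i + 4]) for i in range(p, p + slen, 4)]
        p += slen
        max_name_len = body[p]; p += 1
        nlen = body[p]; p += 1
        public_name = body[p:p + nlen].decode("ascii")
        configs.append({"config_id": config_id, "kem_id": kem_id,
                        "public_key": public_key, "cipher_suites": suites,
                        "max_name_len": max_name_len, "public_name": public_name})
    return configs


def https_record_ech_param(ech_config_list: bytes) -> str:
    """The ech= SvcParam value to place in the HTTPS (SVCB) record."""
    return "ech=" + base64.b64encode(ech_config_list).decode("ascii")


if __name__ == "__main__":
    blob = build_ech_config_list(SAMPLE_PUBLIC_KEY, config_id=1, public_name="abc.com")
    print(parse_ech_config_list(blob))
    print("abc.com. IN HTTPS 1 . " + https_record_ech_param(blob))
```

Before publishing, decode the record with the parser and confirm that the config id and public name match the `-ECHconfigId` and `-ECHPublicName` values bound on the NetScaler; a mismatch means browsers will either ignore the record or fall back to a cleartext SNI.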

Configure ECH by using the GUI

  1. Navigate to Traffic Management > SSL > HPKE Keys.
  2. Click Add.
  3. In the Add HPKE Key page, type the key details.
  4. Navigate to Traffic Management > SSL > ECH.
  5. In the Encrypted Client Hello Configuration page, click Add.
  6. In the Add ECH Configuration page, add the ECH configuration details.
  7. Navigate to System > Profiles > SSL Profiles.
  8. Select the profile with the ECH configuration and click Edit.
  9. Select Encrypted Client Hello.
  10. In the SSL Profiles page, navigate to Advanced Settings > ECH Configuration.
  11. In the ECH Configuration Binding page, select the ECH configuration name.
  12. Click BIND.

Note:

Once the ECH configuration is bound to the SSL profile, bind that SSL profile to the SSL virtual server.

Limitations

  • ECH is not compatible with HTTP_QUIC virtual servers.
  • ECH does not function with the Hello Retry Request mechanism in TLS 1.3 handshakes.
  • ECH does not support the Pre-Shared Key (PSK) method for key exchange.
  • ECH is only supported on the front end of VPX, MPX, and SDX and not on back-end servers.