Does Let’s Encrypt support TLS Encrypted Client Hello (ECH, formerly known as ESNI) with tls-alpn-01 ACME challenges? DuckDuckGo Onion searches site:community.letsencrypt.org "ech" and site:letsencrypt.org "ech" returned no results; Discourse forum search too-“helpfully” returned results for “echo”.
I’m currently hurrying to set up my new websites before the 2025-01-25 deadline to get beautiful OCSP Must-Staple certificates. (That will be the subject of another thread...) I carefully selected a webserver that supports OCSP stapling with draconian Must-Staple enforcement (I read the code, and it refuses to serve Must-Staple certificates without a valid staple!), TLS ECH, and support for BoringSSL with both draft and standard post-quantum KEX. (No, not anything written in Go.) To stand against censorship and to protect reader privacy, I tentatively intend to make most of my sites ECH-only straight from the start; my only hesitation is that it will currently block all Tor Browser users. Then, I realized that Let’s Encrypt may not support ECH with tls-alpn-01. Does it?
If it does, then please consider this a “feature request” for documentation. If not, then...
Let’s encrypt our client hellos! IIUC, here are the necessary steps for Let’s Encrypt:
- When the DNS lookup for the domain is made, look up and parse HTTPS Resource Records (RR type 65) in accord with RFC 9460: “Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)”.
- If an ECH key is found, use it to encrypt the validation hello.
BoringSSL with its “live at the head” policy supports ECH. For OpenSSL support, see the DEfO project and the ECH feature branch. I don’t know of any other SSL/TLS libraries with current support for ECH.
dns-01 challenges are a fallback unless/until Let’s Encrypt supports ECH, but it would be disappointing to use that after I selected a webserver partly based on tls-alpn-01 support.
I haven’t yet tested how my webserver’s early ECH support interacts with its tls-alpn-01 support, but I’ve already been otherwise patching the TLS code and can probably fix it if it breaks.
I also have no idea what the proper workflow is for setting up a bunch of sites from scratch this way. I suppose that I first need to obtain a TLS certificate for the site shown in the outer ClientHello, and then set up the ECH-protected sites. Live and learn!
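As an added illustration of the first step above (not code from the post, Let’s Encrypt, or any ACME client): a validator-side parser that takes HTTPS RR RDATA in RFC 9460 wire format, pulls out the ech SvcParam (key 5), and decodes the ECHConfigList it carries so the public_name and HPKE parameters are available for building an encrypted validation ClientHello. It assumes the draft-13 ECHConfig layout (version 0xfe0d) and uses a constructed sample record with a placeholder public key.

```python
import struct

SVCPARAM_ECH = 5      # RFC 9460 SvcParamKey "ech"
ECH_VERSION = 0xFE0D  # ECHConfig version used by current ECH drafts/implementations

def _name(buf, off):
    """Uncompressed DNS name (RFC 9460 forbids compression pointers in TargetName)."""
    labels = []
    while buf[off]:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_https_rr(rdata):
    """HTTPS RDATA -> (priority, target_name, {svcparamkey: raw_value}); keys must ascend."""
    priority, = struct.unpack_from("!H", rdata, 0)
    target, off = _name(rdata, 2)
    params, last = {}, -1
    while off < len(rdata):
        key, length = struct.unpack_from("!HH", rdata, off)
        if key <= last or off + 4 + length > len(rdata):
            raise ValueError("malformed SvcParams")
        params[key] = rdata[off + 4:off + 4 + length]
        off, last = off + 4 + length, key
    return priority, target, params

def parse_ech_config_list(blob):
    """ECHConfigList -> list of parsed ECHConfig dicts; unknown versions are skipped."""
    total, = struct.unpack_from("!H", blob, 0)
    if total != len(blob) - 2:
        raise ValueError("ECHConfigList length mismatch")
    off, out = 2, []
    while off < len(blob):
        version, length = struct.unpack_from("!HH", blob, off)
        body, off = blob[off + 4:off + 4 + length], off + 4 + length
        if version != ECH_VERSION:
            continue                                   # skip versions we cannot build a hello for
        kem_id, pk_len = struct.unpack_from("!HH", body, 1)          # HpkeKeyConfig after config_id
        p = 5 + pk_len
        cs_len, = struct.unpack_from("!H", body, p)
        suites = [struct.unpack_from("!HH", body, p + 2 + i) for i in range(0, cs_len, 4)]
        p += 2 + cs_len
        max_name_len, pn_len = body[p], body[p + 1]    # maximum_name_length, then public_name
        out.append({"config_id": body[0], "kem_id": kem_id, "public_key": body[5:5 + pk_len],
                    "cipher_suites": suites, "max_name_length": max_name_len,
                    "public_name": body[p + 2:p + 2 + pn_len].decode("ascii")})
    return out

def sample_rdata():
    """Constructed RDATA: priority 1, target '.', alpn=h2, ech=one X25519 config (placeholder key)."""
    body = (bytes([7]) + struct.pack("!HH", 0x0020, 32) + b"\x11" * 32      # config_id, DHKEM(X25519), pk
            + struct.pack("!HHH", 4, 0x0001, 0x0001)                       # HKDF-SHA256 / AES-128-GCM
            + bytes([0, 14]) + b"public.example" + struct.pack("!H", 0))   # max_name_len, name, no exts
    config = struct.pack("!HH", ECH_VERSION, len(body)) + body
    ech = struct.pack("!H", len(config)) + config
    return (struct.pack("!H", 1) + b"\x00" + struct.pack("!HH", 1, 3) + b"\x02h2"
            + struct.pack("!HH", SVCPARAM_ECH, len(ech)) + ech)
```

A validator that does this would then send its outer ClientHello with SNI set to public_name and the real name only inside the encrypted inner hello, which is exactly the point where an ECH-only server would otherwise reject a plain tls-alpn-01 probe.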