Security News > 2021 > January > Firefox Improves Privacy Protections With Encrypted Client Hello
Mozilla is strengthening the privacy protections in Firefox with the implementation of Encrypted Client Hello, an evolutionary step from Encrypted Server Name Indication.
In 2018, just after Cloudflare turned on Encrypted SNI, Mozilla added support for encrypting the Transport Layer Security SNI extension to Firefox Nightly.
An extension to TLS 1.3 and above, ESNI was meant to address the data leakage through replacing the SNI extension in Client Hello with an encrypted variant.
Client Hello is the first message exchanged in the TLS handshake process.
ECH aims to address the issue with ESNI by encrypting the entire Client Hello message, instead of only the SNI extension.
With the new privacy feature enabled, Firefox ensures that an encrypted "ClientHelloInner" is used for the TLS handshake when connecting to a server that supports ECH. The "ClientHelloInner" is an extension to the unencrypted "ClientHelloOuter."