Firefox rolls out ECH enabled by default in 118
ECH (encrypted client hello) is going to get enabled by default (it already existed as a hidden setting) with version 118.
This page about the version explains ECH a bit better: …mozilla.org/…/understand-encrypted-client-hello
Though it is still a bit confusing.
From what I understand, there is the DNS query > the DNS server sends back an IP. This DNS query can be encrypted with DoH (or DoT? It seems only DoH from the post).
Then there is a handshake with the website where the website information can be leaked, and that can be encrypted by ECH (if the website supports it).
Then after that there is a TLS connection established between the website and the user.
The part where I’m confused is: can ECH be used without DoH? If yes, that would mean that I can use DoH-capable software and not have to configure it in Firefox? (ex: NextDNS + YogaDNS)