@sidmulajkar
Last active July 19, 2024 03:24
enable-ech-sni-in-chromium-browsers-like-brave-chrome-firefox

How to enable (ESNI) ECH in browsers like Brave, Chrome or Firefox

Why do we need encrypted SNI? https://www.cloudflare.com/learning/ssl/what-is-encrypted-sni/

Blog - https://blog.cloudflare.com/announcing-encrypted-client-hello/

How to enable ECH in Firefox

1. Go to the settings options in Firefox, open the Privacy and Settings tab, and scroll down to DNS over HTTPS.
  1.1 Select Default, Increased, or Max Protection, and choose NextDNS as the provider (you can also choose Cloudflare).
2. Open a new tab, type "about:config" in the address bar, and select the "Accept the Risk and Continue" option to proceed.
  2.1 Search for "network.trr.mode" and change it to 3 from 2.
  2.2 Search for "network.dns.echconfig.enabled" and toggle it to true from false.
  2.3 Similarly, change "network.dns.http3_echconfig.enabled" and "security.tls.ech.grease_http3".
3. Restart the browser and visit https://tls-ech.dev to check whether the browser is using ECH.
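
To confirm that the about:config changes above were saved in a given profile, this added example (not part of the original gist) parses the text of a Firefox prefs.js and reports which of the four prefs differ from the values in the steps. The function names and the sample file content are constructed for illustration, and true is assumed for the two prefs in step 2.3, for which the gist gives no value.

```python
import re

# Values from the Firefox steps above; True for the last two prefs is an assumption.
REQUIRED_PREFS = {
    "network.trr.mode": 3,
    "network.dns.echconfig.enabled": True,
    "network.dns.http3_echconfig.enabled": True,
    "security.tls.ech.grease_http3": True,
}

# prefs.js / user.js lines look like: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:  # comments, blank lines and anything unrecognised are skipped
            name, raw = m.groups()
            if raw in ("true", "false"):
                prefs[name] = raw == "true"
            elif re.fullmatch(r"-?\d+", raw):
                prefs[name] = int(raw)
            else:
                prefs[name] = raw.strip('"')
    return prefs

def audit_ech_prefs(text):
    """Return {name: (found, wanted)} for each pref that is absent or different."""
    found = parse_prefs(text)
    problems = {}
    for name, wanted in REQUIRED_PREFS.items():
        have = found.get(name)  # None: not present in the file
        # bool is a subclass of int in Python, so compare the type as well
        if have is None or type(have) is not type(wanted) or have != wanted:
            problems[name] = (have, wanted)
    return problems

# Constructed sample profile: TRR left at 2, one ECH pref never touched.
SAMPLE_PREFS_JS = '''
user_pref("network.trr.mode", 2);
user_pref("network.dns.echconfig.enabled", true);
user_pref("security.tls.ech.grease_http3", true);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for name, (have, wanted) in audit_ech_prefs(SAMPLE_PREFS_JS).items():
        print(f"{name}: found {have!r}, expected {wanted!r}")
```

A pref reported as None is absent from prefs.js, which only stores values changed from Firefox's defaults; check its effective value in about:config.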

Website to check - https://tls-ech.dev and https://www.cloudflare.com/ssl/encrypted-sni/

How to enable ECH in Brave or Chromium fork browsers

1. Open the Settings panel in Brave Browser, go to the Privacy and Security section, and select the Security sub-section.
2. In the "use-secure-dns" section, select NextDNS (or Cloudflare) from the dropdown.
3. Open a new tab and type "brave://flags" or "chrome://flags", depending on the browser.
  3.1 Change these flags (toggle each from Default to Enabled):
    3.1.1 #encrypted-client-hello - Enabled
    3.1.2 #use-dns-https-svcb-alpn - Enabled
4. Restart the browser and visit https://tls-ech.dev to check whether the browser is using ECH.

[Screenshots: Firefox ECH settings]

[Screenshots: Brave ESNI settings, similar in other Chromium fork browsers]

barolo commented Jul 19, 2024

I have https://tls-ech.dev/ succeeding and https://www.cloudflare.com/ssl/encrypted-sni/ failing with the above settings under Firefox, what could be the reason?
