Using TLS ECH from Python

January 10, 2025

At first, the idea of encrypting more of the metadata found inside the initial packet (the “ClientHello”) of a TLS connection may seem …

Quick set up guide for Encrypted Client Hello (ECH)

November 10, 2023

The Encrypted Client Hello (ECH) mechanism draft-spec is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol …

DEfO - Developing ECH for OpenSSL (round two)

November 9, 2023

Encrypted ClientHello (ECH) plugs a privacy-hole in TLS, hiding previously visible details from network observers. The most important being the name …

Debian over HTTPS

December 8, 2021

Debian’s package manager apt has a time-tested method of securely providing packages from the network built on OpenPGP signatures. Even though …

Implementing TLS Encrypted Client Hello

November 30, 2021

As part of the DEfO project, we have been working on accelerating the development Encrypted Client Hello (ECH) as standardized by the IETF. ECH is the …

NetCipher + Conscrypt for the best possible TLS

December 17, 2019

A new NetCipher library has recently been merged: netcipher-conscrypt. In the same vein as the other NetCipher libraries, netcipher-conscrypt wraps …

Tweaking HTTPS for Better Security

February 12, 2014

The HTTPS protocol is based on TLS and SSL, which are standard ways to negotiate encrypted connections. There is a lot of complexity in the protocols …

VoIP security architecture in brief

November 21, 2013

Voice over IP (VoIP) has been around for a long time. It’s ubiquitous in homes, data centers and carrier networks. Despite this ubiquity, security is …

Proposal for Secure Connection Notification on Android

November 15, 2012

A major problem of mobile applications being increasingly used over web-based applications, is that there is no standard established for notifying the …