#ech

Emory:
@lunarood @briankrebs for anyone curious this sidebar about Encrypted Client Hello #ECH and you can read about it and what happens when you set up a #TLS connection for gmail, your google searches, or any opportunistic tls you have from extensions like `https everywhere` or similar.

https://blog.apnic.net/2025/02/17/appropriate-access-and-methods-to-ensure-are-changing

i occasionally block outbound port 80/tcp and 53/udp via host filtering/sd-wan rules or other policy engines on my devices.

good reminder from @lunarood that we're not quite there yet.

DACBARBOS Brand:
Automatic HTTPS with Encrypted ClientHello (ECH)
https://caddyserver.com/docs/automatic-https#encrypted-clienthello-ech #caddy #docs #ech #infosec

DACBARBOS Brand:
Caddy 2.10 has been released, featuring fully-automated Encrypted ClientHello (ECH), post-quantum key exchange (x25519mlkem768), ACME profiles (6-day certs!), and many improvements/fixes. Please verify it works for you and deploy away! #caddy #ech
https://github.com/caddyserver/caddy/releases/tag/v2.10.0

ASX Mkt. Sensitive:
Echelon Resources Limited ( #ECH ) has released "CTP: CTP's gas supply for Arafura to be re-marketed for sale" on Wed 16 Apr at 08:27 AEST #Commodity #Australia #media #live #ASX
https://grafa.com/asset/echelon-resources-limited-27884-ech.asx?utm_source=asxmktsensitive&utm_medium=mastodon&utm_campaign=ech.asx

Rod Faulkner:
Yeah, so what this means is the “POP!” of the #AI bubble when it bursts is going to be deafening, much louder than the dot com crash.

Folks, we need to buckle up…

#ech #technology

https://www.cnbc.com/2025/03/31/openai-closes-40-billion-in-funding-the-largest-private-fundraise-in-history-softbank-chatgpt.html

Andreas Amsler (in English):
... and public sector technology can be co-controlled via public procurement.

#eCH #OSS #OpenData

jbz:
🌩️ Cloudflare Asks Court to End LaLiga's "Illegal" Blocking Response to Encrypted Client Hello *
—TorrentFreak

「 The unusual feature of the complaint is the focus on Encrypted Client Hello, or ECH for short. As highlighted earlier, this can effectively be used to bypass site blocking 」

https://torrentfreak.com/cloudflare-asks-court-to-end-laligas-illegal-blocking-response-to-encrypted-client-hello-250220/

#cloudflare #ech #copyright #censorship

Stéphane Bortzmeyer:
#IETF

Argh, the future RFC on exporting #TLS keys (SSLKEYLOGFILE), which had been approved, has been pulled from the RFC queue. Given the delay, the latest things had to be added to it (notably #ECH).

In short, it is not standardized yet. (Even though it is crucial for debugging, cf. my talk at Capitole du Libre https://cfp.capitoledulibre.org/cdl-2022/talk/P79YC7/ )

TorrentFreak RSS:
Cloudflare Asks Court to End LaLiga’s “Illegal” Blocking Response to Encrypted Client Hello

https://torrentfreak.com/cloudflare-asks-court-to-end-laligas-illegal-blocking-response-to-encrypted-client-hello-250220/

#encryptedclienthello #dynamicinjunction #SiteBlocking #Anti-Piracy #Cloudflare #LaLiga #iptv #ECH

Petr Menšík:
@jinna until you use any form of encrypted DNS, your ISP can read everything. No matter what server you choose. Use #DoT or #DoH or #DoQ. But in the free world you should order a new ISP contract, if possible. They may still know something, but they should not be able to tamper with responses at least. You also want #ECH enabled in your browser.

grumb:
At the moment, it is specifically the #ТСПУ (TSPU) equipment that is blocking connection attempts to #AWS (Amazon Web Services cloud computing services) over TLSv1.2 and TLSv1.3.

You can check by trying to access the URL https://aws.amazon.com/

It does not matter which DNS provider is used: the ISP's, 8.8.8.8, or DoH (DNS-over-HTTPS) from Cloudflare.

This is clearly not related to #ECH (Encrypted Client Hello), since both 1.2 and 1.3 are blocked, versions of TLS connections that do not use this extension.

By a number of signs, it looks like this problem is not local to any particular ISP or backbone provider. It may be a malfunction of the #DPI inside the TSPU, or it may be unlawful actions by officials at #Роскомнадзор (Roskomnadzor). At the moment this status is unknown; only the approximate location in the data networks has been narrowed down, from the technical side of the matter.

#internet #РКН

Guardian Project:
It is now possible to use #Python as an #ECH client using the DEfO development fork:
https://guardianproject.info/2025/01/10/using-tls-ech-from-python/

#TLS #EncryptedClientHello

Yes, blocking of TLS 1.3 connections that use ECH (Encrypted Client Hello) has started on the #ТСПУ (TSPU).

This is easy to check, since in #Firefox you can disable the use of ECH via about:config:

network.dns.echconfig.enabled to false

There is no need to touch network.dns.http3_echconfig.enabled

Users of #Chrome and #Chromium, however, are completely out of luck: the ability to disable #ECH is no longer provided. The good old flag has been removed and consigned to oblivion:

chrome://flags#encrypted-client-hello

After disabling ECH, such harmless sites as the following start working again:

As expected, for this reason Roskomnadzor's Center for Monitoring and Control of the Public Communications Network (ЦМУ ССОП) will tell everyone who complains to take a hike, suggesting that they use browsers that allow ECH to be disabled.

Formally, Roskompozor is blocking only one of the TLS 1.3 extensions, not the protocol itself, because #Cloudflare enabled #ECH for all of its customers by default.

And a handful of weak-willed idiots never managed to make ECH part of the TLS 1.3 protocol; the story has dragged on since 2018.

A great many lances were broken while moving from version 1.2 of #TLS to 1.3; the march was very long and tense. And the little people lacked the will and character to include things like ECH in 1.3; in its early form it was called ESNI and did not look like a mature solution.


I just noticed that my #Firefox was sending network traffic either with HTTP/2 + #ECH + #X25519MLKEM768, or with HTTP/3, but without ECH or X25519MLKEM768. Then I dug into about:config and found the option network.http.http3.enable_kyber; enabling it fixed the above behavior. HTTP/3 + ECH + X25519MLKEM768 is now used. Maybe check your Firefox behavior to ensure ECH and post-quantum key exchange are used whenever possible. Test site: https://cloudflare-ech.com/cdn-cgi/trace

Looks like Russia is now blocking Cloudflare's Encrypted Client Hello traffic if:
- SNI is cloudflare-ech.com
- TLS ClientHelloOuter contains the "encrypted_client_hello" extension

github.com/net4people/bbs/issu

Russia officially recommends "owners of information resources disable the TLS ECH extension or, more correctly, use domestic CDN services".

cmu.gov.ru/ru/news/2024/11/07/

With increased ECH use, I expect certain other actors to follow suit.

[Discussion moved from #393 (comment). NTC threads are https://ntc.party/t/12837 (technical information) and https://ntc.party/t/12732 (discussion).] Cloudflare's deployment of Encrypted Client Hel...
GitHub: Blocking of Cloudflare ECH in Russia, 2024-11-05 · Issue #417 · net4people/bbs, by wkrp
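
The two conditions listed in the post above, written as a check an operator can run over a captured ClientHello record to see whether a client's handshake would match them. This is an added example, not code from the post or the linked issue; the function names are illustrative, the sample records are constructed with a dummy ECH payload, and 0xfe0d is the `encrypted_client_hello` extension codepoint.

```python
import struct

EXT_SNI = 0x0000                      # server_name
EXT_ECH = 0xFE0D                      # encrypted_client_hello
REPORTED_SNI = "cloudflare-ech.com"   # outer SNI named in the post

def parse_client_hello(record: bytes) -> dict:
    """Extract outer SNI and ECH-extension presence from one TLS record.
    Assumes the whole ClientHello fits in a single record (no QUIC, no fragments)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    info = {"sni": None, "ech": False}
    try:
        p = 4 + 2 + 32                                   # hs header, legacy_version, random
        p += 1 + body[p]                                 # legacy_session_id
        p += 2 + struct.unpack("!H", body[p:p + 2])[0]   # cipher_suites
        p += 1 + body[p]                                 # legacy_compression_methods
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[p:p + 4])
            data = body[p + 4:p + 4 + ext_len]
            p += 4 + ext_len
            if ext_type == EXT_ECH:
                info["ech"] = True
            elif ext_type == EXT_SNI and data[2] == 0:   # name_type host_name
                n = struct.unpack("!H", data[3:5])[0]
                info["sni"] = data[5:5 + n].decode("ascii", "replace")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc
    return info

def matches_reported_condition(record: bytes) -> bool:
    """True only when both conditions listed in the post hold."""
    info = parse_client_hello(record)
    return bool(info["ech"] and info["sni"] == REPORTED_SNI)

def build_client_hello(sni: str, with_ech: bool) -> bytes:
    """Constructed sample record (not a capture); the ECH body is dummy bytes."""
    name = sni.encode("ascii")
    sni_data = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", EXT_SNI, len(sni_data)) + sni_data
    if with_ech:
        exts += struct.pack("!HH", EXT_ECH, 16) + bytes(16)
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
             + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for sni, ech in [(REPORTED_SNI, True), (REPORTED_SNI, False), ("example.org", True)]:
        print(sni, ech, matches_reported_condition(build_client_hello(sni, ech)))
```
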

Roskomnadzor has started blocking sites that use Cloudflare's ECH (Encrypted Client Hello) encryption.

Cloudflare recently rolled out ECH for all sites on its servers, which is 24 million pages.

- Active ECH encryption violates Russian law, as it can be used to circumvent restrictions on access to information banned in Russia.

Users in Russia have already begun complaining that thousands of sites using ECH are unavailable.

Roskomnadzor advises resource owners to stop using the CloudFlare CDN service and move to domestic CDN services.

src:
portal.noc.gov.ru/ru/news/2024
habr.com/ru/news/856722/

portal.noc.gov.ru: We recommend abandoning the CloudFlare CDN service | News

Seems like blocking #Cloudflare's #ECH was not enough for #Roskomnadzor's clowns.

In addition, I cannot access the following sites I regularly use, even with DPI bypassing software:

I can confirm it's not broken just for me with GlobalCheck (globalcheck.net/en/).

What's in common? They are all hosted on #Hetzner.

#Russia already blocked Hetzner, #OVH and #Linode earlier this year for a short period. They do this kind of "testing" from time to time.
