Cloudflare is rolling out ECH to all domains for testing
Last year Cloudflare had greyed out the ECH for a short period of time but soon it was removed. Recently they have started to enable ECH for all domain names. How can you tell if your domain is using ECH? You can check by visiting https://weavatar.cc/cdn-cgi/trace and if there is a value of sni=encrypted then your domain is using ECH. If it shows sni=plaintext then your domain is not using ECH and it's still in a grey area, possibly related to the node. Currently all domains use a fixed sni value of cloudflare-ech.com. The draft for ECH currently states that if an ECH connection is blocked, the client cannot retry (which means no precision blocking like before with ESNI). https://github.com/net4people/bbs/issues/393
页:
[1]