


DEfO is developing an implementation of the encrypted ClientHello (ECH) mechanism for OpenSSL, which is a widely used library that provides an implementation of the Transport Layer Security (TLS) protocol.

The DEfO project will work on Encrypted Server Name Indication (ESNI) for the OpenSSL library - the most commonly used software for providing TLS encryption.

Recent developments in Transport Layer Security (TLS) and Domain Name System (DNS) privacy have rendered significant amounts of traffic metadata invisible to network intermediaries. A notable exception, however, is the name of the server, which remains completely unencrypted, meaning it can be used for pervasive monitoring, censorship, or other kinds of control.

The Internet Engineering Task Force (IETF) TLS working group is now working on making Encrypted Server Name Indication (ESNI) part of the TLS standards. ESNI is a way to plug a privacy hole that remains in TLS, the protocol used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project is developing an implementation of ESNI for OpenSSL, and an ESNI-enabled web server as a demonstration and for interoperability testing. Over time, DEfO will demonstrate integration of ESNI with other tools that use TLS.

Under OTF support, Tolerant Networks Ltd. and members of the Guardian Project will be working on DEfO.


Funding to date

2019 $94,300 18 months
Core Infrastructure Fund

Total Funding: $94,300
