My Apply
My Apply



The DEfO project will work on Encrypted Server Name Indication (ESNI) for the OpenSSL library - the most commonly used software for providing TLS encryption.

Recent developments in Transport Layer Security (TLS) and Domain Name System (DNS) privacy have rendered significant amounts of traffic metadata invisible to network intermediaries. A notable exception, however, is that the name of the server is still completely unencrypted information - meaning it can be used for pervasive monitoring, censorship, or other kinds of control.

The Internet Engineering Task Force (IETF) TLS working group is now working on making Encrypted Server Name Indication (ESNI) part of the TLS standards. ESNI is a way to plug a privacy-hole that remains in the TLS protocol that's used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project is developing an implementation of ESNI for OpenSSL, and an ESNI-enabled web server as a demonstration and for interoperability testing. Over time, DEfO will demonstrate integration of ESNI with other tools that use TLS.

Under OTF support, Tolerant Networks Ltd. and members of the Guardian Project will be working on DEfO.

Get the word out

Current project status

Just an idea (Pre-alpha)
It exists! (Alpha/Beta)
It's basically done (Release)
People use it (Production)

Funding to date

2019 $94,300 18 months
Core Infrastructure Fund

Total Funding: $94,300

Addressed problems

  • Blocking, filtering, or modification of political, social, and/or religious content (including apps)
  • Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
  • Repressive surveillance or monitoring of communication
  • Restrictive Internet filtering by technical methods (IP blocking, DNS filtering, TCP RST, DPI, etc.)
  • Government practices that hold intermediaries (social networks or ISPs) liable for user content


  • Privacy enhancement


  • Deploying technology
  • Software or hardware development
  • Testing
  • Technology development


  • Advocacy groups/NGOs
  • General public
  • Activists
  • Journalists
  • Technologists

Region(s) archive

  • Global

Project status

  • It Exists! (Alpha/Beta)

Technology attributes

  • Application deployment
  • Cryptography
  • Desktop App
  • Mobile application (clientside)
  • Networking
  • Sensitive data
  • Server daemon
  • Web application
  • Anonymity

We wrote about it

Your cookie settings

This website deploys cookies for basic functionality and to keep it secure. These cookies are strictly necessary. Optional analysis cookies which provide us with statistical information about the use of the website may also be deployed, but only with your consent. Please review our Privacy & Data Policy for more information.