Encrypted Client Hello
E893544
Encrypted Client Hello is a TLS 1.3 extension that protects privacy by encrypting most of the ClientHello message, including the server name, to prevent passive observers from learning which site a client is connecting to.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Encrypted Client Hello canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T10926829 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Encrypted Client Hello
Context triple: [Server Name Indication extension, hasSuccessor, Encrypted Client Hello]
- A. Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS): "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)" is an IETF standard (RFC 7919) that defines secure, standardized finite-field Diffie-Hellman parameter sets for use in TLS to improve cryptographic security and interoperability.
- B. AT-TLS (Application Transparent TLS): AT-TLS (Application Transparent TLS) is an IBM z/OS networking function that transparently provides TLS encryption and decryption for application traffic without requiring changes to the applications themselves.
- C. TLS heartbeat extension (later deprecated): The TLS heartbeat extension was a Transport Layer Security protocol feature designed to keep secure connections alive and test reachability, later becoming widely known for the critical Heartbleed vulnerability that led to its deprecation.
- D. Server Name Indication extension: The Server Name Indication (SNI) extension is a TLS protocol feature that allows a client to indicate the hostname it is trying to connect to at the start of the handshake so that the server can present the correct certificate for virtual hosting.
- E. UTA (Using TLS in Applications): UTA (Using TLS in Applications) is an IETF working group focused on defining best practices and standards for the secure use of Transport Layer Security (TLS) in application protocols.
- F. None of above. (chosen)
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Encrypted Client Hello
Target entity description: Encrypted Client Hello is a TLS 1.3 extension that protects privacy by encrypting most of the ClientHello message, including the server name, to prevent passive observers from learning which site a client is connecting to.
- A. Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS): "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)" is an IETF standard (RFC 7919) that defines secure, standardized finite-field Diffie-Hellman parameter sets for use in TLS to improve cryptographic security and interoperability.
- B. AT-TLS (Application Transparent TLS): AT-TLS (Application Transparent TLS) is an IBM z/OS networking function that transparently provides TLS encryption and decryption for application traffic without requiring changes to the applications themselves.
- C. TLS heartbeat extension (later deprecated): The TLS heartbeat extension was a Transport Layer Security protocol feature designed to keep secure connections alive and test reachability, later becoming widely known for the critical Heartbleed vulnerability that led to its deprecation.
- D. Server Name Indication extension: The Server Name Indication (SNI) extension is a TLS protocol feature that allows a client to indicate the hostname it is trying to connect to at the start of the handshake so that the server can present the correct certificate for virtual hosting.
- E. UTA (Using TLS in Applications): UTA (Using TLS in Applications) is an IETF working group focused on defining best practices and standards for the secure use of Transport Layer Security (TLS) in application protocols.
- F. None of above. (chosen)
Statements (45)
| Predicate | Object |
|---|---|
| instanceOf | TLS extension; privacy-enhancing technology |
| abbreviation | ECH |
| aimsToProtect | metadata confidentiality; requested hostname confidentiality; user privacy; website a client is connecting to |
| appliesTo | HTTPS connections; other TLS-based application protocols |
| category | internet privacy standard; security protocol extension |
| deploymentModel | requires support from both client and server |
| designedBy | IETF TLS Working Group |
| encryptionScope | TLS extensions that might reveal identity; most of the ClientHello message |
| goal | hide which site a client is connecting to; improve privacy of TLS handshakes; prevent passive observers from learning the server name |
| leavesUnencrypted | outer ClientHello |
| mitigates | SNI-based censorship; SNI-based tracking; network surveillance of destination hostnames; passive traffic analysis |
| notVisibleTo | on-path adversaries without decryption keys; passive network observers |
| partOf | TLS 1.3; Transport Layer Security |
| protectsField | ALPN information in ClientHello; ClientHello message contents; Server Name Indication; TLS extensions in ClientHello |
| relatedTo | DNS over HTTPS; DNS over TLS; Server Name Indication; TLS 1.3 |
| replaces | Encrypted Server Name Indication |
| requires | ECH configuration from server; public key for ECH |
| standardizedBy | Internet Engineering Task Force |
| status | IETF standardization work item |
| successorOf | ESNI |
| uses | hybrid ClientHello design; public key cryptography |
| usesProtocolVersion | TLS 1.3 |
| visibleTo | intended server |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10.

# Requirements
- If you don't know the subject at all, return an empty list.
- If the subject is not a named entity, return an empty list.
- Include at least one triple where predicate is "instanceOf".
- Do not get too wordy.
- Separate several objects into multiple triples with one object.

Subject: Encrypted Client Hello
Description of subject: Encrypted Client Hello is a TLS 1.3 extension that protects privacy by encrypting most of the ClientHello message, including the server name, to prevent passive observers from learning which site a client is connecting to.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.