caption: Enable TLS Encrypted ClientHello
default: true
desc: |-
Encrypted ClientHello (ECH) is an extension to TLS to encrypt sensitive fields of the ClientHello and improve privacy.
If this policy is not configured, or is set to enabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will follow the default rollout process for ECH. If it is disabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will not enable ECH.
When the feature is enabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> may or may not use ECH depending on server support, availability of the HTTPS DNS record, or rollout status.
ECH is an evolving protocol, so <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>'s implementation is subject to change. As such, this policy is a temporary measure to control the initial experimental implementation. It will be replaced with final controls as the protocol finalizes.
example_value: true
features:
dynamic_refresh: true
per_profile: false
future_on:
- fuchsia
items:
- caption: Enable the TLS Encrypted ClientHello experiment
value: true
- caption: Disable the TLS Encrypted ClientHello experiment
value: false
owners:
- [email protected]
- [email protected]
schema:
type: boolean
supported_on:
- chrome.*:105-
- chrome_os:105-
- android:105-
tags:
- system-security
type: main
Codebase Browser
chromium