How can I pass this test with chrome? What adjustments do I make in chrome://flags/? I saw this tutorial for FF on a forum... https://torrentinvites.org/f31/iptorrents-ipt-news-please-read-507327/#post1230314
ESNI is in Firefox stable (v64+) you don't need a test/beta version any more. But it's correct that only Firefox has this capability, and ESNI itself is still experimental, despite being in a release product.
I'm using the AdGuard desktop app just for one purpose/feature: to "Use Encrypted Client Hello," but... It works only for BRAVE when I'm using a VPN desktop app with Wireguard. It does not work with Firefox and VPN with Wireguard (the same settings). Even my Firefox TLS 3 is messed up() Encrypted Client does not work with Google Chrome. It also does not work with Edge - no matter how hard I try.
This is in Firefox 124.0.1 (with Quad9 DNS). With or without VPN doesn't matter: https://support.mozilla.org/en-US/kb/faq-encrypted-client-hello It seems the feature is not yet available in Edge. In (Ungoogled) Chromium 122 and Chromium Dev 125 it is enabled.
I opened the browser and clicked the mouse on the test link. Even with Opera Android same result: It seems simple to me.
Of course I did that as well. But here Secure SNI was red. So, what do I have to change in Edge to pass the test?
FYI - if you're using an AV solution that performs SSL/TLS protocol scanning, it is most likely the source for Secure SNI failure on the Cloudflare test. Eset's SSL/TLS protocol scanning busts it.
It does not work with Brave nor Librewolf for me, not even TLS, lol. Run Edge with the parameter (EncryptedClientHello). Code: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --enable-features="EnableCsrssLockdown,EncryptedClientHello,IsolatePrerenders,IsolateSandboxedIframes,RendererAppContainer,WinSboxDisableExtensionPoint" --disable-webgl --no-pings reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EncryptedClientHelloEnabled" /t REG_DWORD /d "1" /f
I added the parameter ` --enable-features=EncryptedClientHello` to the shortcut and added the registry entry as well (Edge 123.0.2420.53). Still didn't work. I'm not using any AV solution, not even Defender (Windows 10 in a VM).
No policy rule or command line switche is needed. ECH is active by default. https://defo.ie/ech-check.php https://tls-ech.dev/
Well, here it obviously isn't. I can't find the cause of it. Fortunately, Edge is only used here for test cases and all my other browsers pass the test.
I think you are onto something. I have problems with ECH when using Windscribe with Wireguard protocol, but the same Firefox has no issues - the Cloudflare test shows YES of ECH, when I'm using a different VPN - HideAway.
Here is my Firefox without any VPN and set through the Mullvad DNS server. No ECH. Here is my Firefox without any VPN with the Cloudflare DNS server.
I've checked again my Firefox results with Windscribe. Firefox also had the Max Protection with the Mullvad DNS server. The same issue. I really don't know how accurate that Cloudflare browser test is?
Here are my Edge test results with Windscribe and AdGuard. Plus, Edge has internal settings set to Secure DNS - Cloudflare.
You can also test with the pages @Sampei Nihira linked: https://defo.ie/ech-check.php https://tls-ech.dev/ A parameter for EncryptedClientHello is not needed any more, since Edge supports ECH by default now (though not in my case...).
Just now, here is my Edge test with Secure Cloudflare DNS enabled in the settings, without any VPN, and without AdGuard. No ECH! Here is what's interesting. When I turn AdGuard on, then, I lose TLS 1.3 in that Cloudflare test. In short. There is so much that I don't know.