[hannob]

This is a TLS mechanism called SNI and yes, it's there to make sure one server can deliver multiple different hosts over TLS.

There's a mechanism called Encrypted ClientHello (ECH), formerly known as ESNI, that tries to address this. Ultimately using either DoH or ECH only provides limited protection, the idea is to use both.

[seodisparate]

Oh I see, thanks for the reply. I did a quick search and came upon https://blog.cloudflare.com/encrypted-client-hello/ which does shed light on ECH. Though I am not sure if only Cloudflare-backed servers provide ECH, or if it is even available. Seems relatively new.

EDIT: Ah, the blog post does indicate that ECH is a work in progress.

[tialaramex]

It is likely that ECH will be a GREASEd "big bang" deployment for various practical reasons.

What that means is, one day you'll get a new browser update and from then all your TLS connections will seem to use ECH, however, since most servers don't speak ECH most of your connections will have an unencrypted Hello as usual and then the ECH payload they carry is actually random noise.

Then, gradually over time, sites do have ECH and the connections to those sites use a cover name in the outer Hello with the real name protected by ECH instead of noise in the ECH data.

I would anticipate this beginning probably in the next 12-18 months once ECH is nailed down completely and ready to be published.

[newscracker]

Note that ECH must be supported on both ends. So it’s required on the browser (or OS or application) too.