[commoner]

Cloudflare's 1.1.1.1 currently supports ESNI, but Firefox has replaced ESNI in favor of ECH (Encrypted Client Hello) starting from version 85 due to vulnerabilities in the former. Unfortunately, no public DNS resolvers support ECH yet.

- https://blog.mozilla.org/security/2021/01/07/encrypted-clien...

- https://bugzilla.mozilla.org/show_bug.cgi?id=1709263

Cloudflare has another blog post with the implementation details for ECH:

- https://blog.cloudflare.com/encrypted-client-hello/