Two changes to how dnsdoh.art handles TLS are now live.
Post-quantum key exchange. The server now offers the X25519MLKEM768 hybrid group, which pairs the classical X25519 exchange with ML-KEM-768, a post-quantum algorithm. It protects the session key against the harvest-now-decrypt-later threat, in which traffic recorded today is stored and decrypted later by a future quantum computer. Recent versions of Chrome, Firefox and Edge negotiate it automatically; older clients simply fall back to X25519 and see no change. Our guide, "Harvest Now, Decrypt Later", explains what this protects and why it runs as a hybrid.
Encrypted Client Hello (ECH). Even with encrypted DNS, a browser normally sends the site name in plaintext during the TLS handshake, in the SNI field. ECH encrypts that part of the handshake, so the hostname is no longer exposed on the wire when both the browser and the server support it. Our guide, "Encrypted DNS Still Leaks the Site Name: ECH Explained", covers how it works, why it depends on encrypted DNS, and what it still does not hide.
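To see what the two changes above actually alter on the wire, here is an added example (not dnsdoh.art's code) that builds constructed TLS 1.3 ClientHello messages and reports the three things a passive observer can read from them: the plaintext SNI, the offered key-exchange groups (0x11EC is the IETF code point for X25519MLKEM768), and whether an encrypted_client_hello extension (0xFE0D) is present. The hostname "public-name.example" stands in for an ECH public name and the ECH payload is a placeholder byte, not real HPKE ciphertext.

```python
import struct

# TLS extension types and named-group code points (IANA registry / IETF drafts)
EXT_SNI, EXT_GROUPS, EXT_ECH = 0x0000, 0x000A, 0xFE0D
GROUP_NAMES = {0x001D: "X25519", 0x0017: "secp256r1", 0x11EC: "X25519MLKEM768"}

def build_client_hello(server_name, groups, ech=False):
    """Build a minimal TLS 1.3 ClientHello (constructed sample, not a capture)."""
    host = server_name.encode()
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    grp = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    exts = struct.pack("!HH", EXT_SNI, len(sni)) + sni
    exts += struct.pack("!HH", EXT_GROUPS, len(grp)) + grp
    if ech:  # real ECH carries an HPKE ciphertext here; a placeholder byte stands in for it
        exts += struct.pack("!HH", EXT_ECH, 1) + b"\x00"
    body = (b"\x03\x03" + bytes(32) + b"\x00"            # legacy_version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"           # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def inspect_client_hello(msg):
    """Report what a ClientHello exposes: plaintext SNI, offered groups, ECH presence."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    pos = 4 + 2 + 32                                   # handshake header, version, random
    pos += 1 + msg[pos]                                # legacy_session_id
    pos += 2 + struct.unpack_from("!H", msg, pos)[0]   # cipher_suites
    pos += 1 + msg[pos]                                # legacy_compression_methods
    end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
    pos += 2
    info = {"sni": None, "groups": [], "ech": False}
    while pos < end:
        ext_type, length = struct.unpack_from("!HH", msg, pos)
        body = msg[pos + 4:pos + 4 + length]
        pos += 4 + length
        if ext_type == EXT_SNI:                        # ServerNameList -> first host_name entry
            name_len = struct.unpack_from("!H", body, 3)[0]
            info["sni"] = body[5:5 + name_len].decode("ascii")
        elif ext_type == EXT_GROUPS:                   # NamedGroupList, two bytes per group
            count = struct.unpack_from("!H", body)[0] // 2
            info["groups"] = [GROUP_NAMES.get(g, hex(g)) for g in struct.unpack_from(f"!{count}H", body, 2)]
        elif ext_type == EXT_ECH:
            info["ech"] = True
    info["pq_hybrid"] = "X25519MLKEM768" in info["groups"]
    return info

if __name__ == "__main__":
    # Legacy client: real hostname in the clear, classical groups only, no ECH.
    # Modern client: outer SNI carries only the ECH public name, hybrid group offered first.
    for name, groups, ech in [("dnsdoh.art", [0x001D, 0x0017], False),
                              ("public-name.example", [0x11EC, 0x001D], True)]:
        print(inspect_client_hello(build_client_hello(name, groups, ech)))
```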
If you have not encrypted your DNS yet, the setup guide is the place to start, and the protocols comparison explains the options.
The server now offers post-quantum key exchange (X25519MLKEM768) and Encrypted Client Hello, so the session key resists future quantum attacks and the site name is no longer sent in plaintext during the TLS handshake.
Highlights
- Post-quantum X25519MLKEM768 key exchange, offered by default with fallback to X25519
- Encrypted Client Hello hides the TLS server name (SNI) when the browser supports it
- New guide explaining ECH, SNI, and why both depend on encrypted DNS