Solutions for users facing ECH blocking in Russia
There have been reports of issues accessing websites using Encrypted Client Hello (ECH) technology from popular CDN provider CloudFlare in Russia.
What does this mean for you?
If you are using CloudFlare proxying for your website or trying to access websites using ECH, you may encounter difficulties.
This technology, part of the TLS 1.3 protocol, was designed to protect user privacy. However, it also hindered the operation of Roskomnadzor's blocking mechanisms, which likely led to its restriction.
What can users do if they are unable to access sites proxied through CloudFlare?
Currently, there are issues accessing many websites using CloudFlare protection for users with Russian IP addresses.
PQ.Hosting understands that restrictions on accessing websites using ECH can cause inconvenience for our clients. We are always striving to provide our clients with reliable and secure solutions. Testing has shown that the most optimal option is to disable ECH on the browser side, and since there are different browsers, you need to perform these actions according to the instructions available online. You can also consider using a VPN to access unavailable sites.
What about website owners using CloudFlare protection?
One option to disable TLS 1.3 on the Cloudflare side:
1. Log in to your Cloudflare account.
2. Go to the Dashboard and select the site where you need to change the settings.
3. Go to the SSL/TLS section.
4. Find the Edge Certificates tab.
5. Scroll down to the TLS 1.3 settings and turn off the switch.
Additional ways from the PQ.Hosting team:
— Disable proxying of individual domains and/or subdomains through CloudFlare.
— Switch from CloudFlare to other website protection services that do not use forced TLS ECH (Encrypted Client Hello).
Apply the discount by inserting the promo code in the special field at checkout:
