ssl_ech_file
Configures the path to a file containing ECH (Encrypted Client Hello) configuration data.
Description
The ssl_ech_file directive specifies the path to a file containing ECH (Encrypted Client Hello) settings, which enhance the privacy of the initial handshake in SSL/TLS connections. The directive is part of the NGINX SSL module and is useful for web servers that aim to protect users from surveillance and ensure the integrity of the web experience.
The directive takes a single parameter: a string giving the path of the file where the ECH configuration data is stored. The file must be correctly formatted and contain valid entries; otherwise, NGINX will fail to start or to load the configuration properly. Set permissions on the file so that NGINX can read it when it starts up.
When NGINX runs with ECH enabled, it reads the specified file during start-up and applies the defined ECH properties to clients that support the feature. This can help improve user privacy and provide a more secure communication channel with the server.
Config Example
ssl_ech_file /etc/nginx/echn_config.conf;
Ensure the configured file path is accessible by the NGINX process owner, or it will fail to read the configuration.
The contents of the ECH configuration file must adhere to the specific expected format or NGINX will not recognize the settings.
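A pre-flight check for the readability requirement above, as an added example that is not part of NGINX or of the original page. It walks the path to the ECH file and reports which directory or file mode bits would stop a given account from reading it, and also flags a world-writable file. The function names, the "nginx" account name and the use of plain mode bits (no ACLs, SELinux or AppArmor) are assumptions of this example.

```python
import os
import pwd
import stat

def _class_bits(st, uid, gids):
    """Return the rwx triplet (owner, group or other) that applies to uid/gids."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def check_ech_file(path, uid, gids):
    """List reasons a process with uid/gids could not safely read `path`.

    Classic mode bits only: ACLs, capabilities and SELinux/AppArmor are ignored.
    """
    path = os.path.realpath(path)
    if not os.path.isfile(path):
        return [f"{path}: missing or not a regular file"]
    problems = []
    if uid != 0:  # root bypasses read/search mode bits
        parts = path.split(os.sep)
        # Every directory on the way to the file needs the search (x) bit.
        for i in range(1, len(parts)):
            directory = os.sep.join(parts[:i]) or os.sep
            if not _class_bits(os.stat(directory), uid, gids) & 1:
                problems.append(f"{directory}: no search permission")
        if not _class_bits(os.stat(path), uid, gids) & 4:
            problems.append(f"{path}: no read permission")
    # A file any local user can rewrite should not feed the TLS configuration.
    if os.stat(path).st_mode & stat.S_IWOTH:
        problems.append(f"{path}: world-writable")
    return problems

if __name__ == "__main__":
    # Assumptions: the path from the Config Example and an account named "nginx".
    account = pwd.getpwnam("nginx")
    gids = os.getgrouplist(account.pw_name, account.pw_gid)
    for line in check_ech_file("/etc/nginx/echn_config.conf", account.pw_uid, gids):
        print("FAIL", line)
```

Run it as root so that every directory on the path can be inspected. An empty result means the mode bits allow the read; it says nothing about whether the file contents are valid.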