How to Disable ECH (TLS 1.3) in Cloudflare

Internet Blocked: How Cloudflare and ECH Clashed with Roskomnadzor

The internet in Russia has faced a massive blockade—thousands of websites using ECH have stopped opening in Russia.

What is ECH and Why is it Needed?

ECH (Encrypted Client Hello) is a technology that encrypts traffic and hides domain names from ISPs. Enabling ECH on Cloudflare servers helped users bypass blocks, increasing privacy. However, Roskomnadzor saw this as a hostile measure and, from November 5 to 6, blocked all websites supporting ECH.

What to Do If Your Website Isn’t Working?

Many resources have become inaccessible, and even local sites using Cloudflare have been affected. The issue can be mitigated with temporary solutions. Here are three ways:

1. Use foreign IP addresses to bypass the blockade.
2. Disable ECH (TLS 1.3) for your site via Cloudflare.
3. Disable TLS 1.3 in your browser.

These steps will temporarily restore access to websites until the situation stabilizes.

Step-by-Step Guide to Disabling ECH in Cloudflare

To make your website accessible, follow these steps:

1. Go to the Cloudflare website: visit this link.
2. Select the desired domain and open the SSL/TLS tab.
3. Disable TLS 1.3: locate the TLS 1.3 setting and uncheck it.

⚠️ Note: Disabling TLS 1.3 reduces your website’s security. If the blocks are lifted, it is recommended to re-enable this feature.

When Will the Changes Take Effect?

DNS updates are not instant. Depending on your ISP, changes may take up to 24 hours to apply. Usually, websites start working sooner, but delays are possible.

P.S. Until the situation changes, these measures will help restore access to your websites for users in Russia.