Suggestion: Enable Cloudflare ECH for Enhanced Security

Hi Plex Team,

I’d like to suggest enabling Cloudflare’s Encrypted Client Hello (ECH) feature for Plex services to enhance privacy and security. ECH is designed to protect sensitive information, such as the server hostname, by encrypting it, making it harder for malicious actors to perform traffic analysis or identify target servers.

Why Enable ECH?

Currently, even with TLS encryption, the initial handshake reveals the SNI (Server Name Indication), which can expose domain information. ECH encrypts this part of the connection, providing an additional layer of security for users accessing Plex.

Steps to Enable ECH

  1. Log into the Cloudflare Dashboard and select the relevant domain.
  2. Go to SSL/TLS Settings and click on the Edge Certificates tab.
  3. Look for Encrypted Client Hello (ECH) and enable it. If this option is not available, you may need to reach out to Cloudflare support for further assistance.

How to Verify

Once enabled, you can verify that ECH is working by visiting:
https://app.plex.tv/cdn-cgi/trace

Check for sni=encrypted in the output. This will confirm that the ECH feature is properly enabled.

Reference Documentation

For more details, Cloudflare’s documentation on ECH is available here:
Cloudflare ECH Documentation

I believe implementing ECH would be a valuable addition to Plex’s security posture. Thank you for considering this suggestion!
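
One way to script the check from "How to Verify", as an added example that is not part of the original post: it parses a saved `/cdn-cgi/trace` body and reports whether that connection used ECH. The sample bodies are constructed, and the `tls=` field format and the `sni=plaintext` value are assumptions; only `sni=encrypted` comes from the post. The result describes the connection that fetched the trace, so save the body from a client that supports ECH.

```python
"""Added example: interpret the body of a /cdn-cgi/trace response for ECH."""

# Constructed sample bodies (not captured from app.plex.tv).
SAMPLE_ECH = """\
h=app.plex.tv
visit_scheme=https
http=http/2
tls=TLSv1.3
sni=encrypted
"""
SAMPLE_PLAIN = SAMPLE_ECH.replace("sni=encrypted", "sni=plaintext")
SAMPLE_OLD_TLS = "h=app.plex.tv\ntls=TLSv1.2\nsni=plaintext\n"


def parse_trace(body):
    """Turn the key=value lines of a trace body into a dict."""
    fields = {}
    for line in body.splitlines():
        # Split on the first '=' only, so values containing '=' survive.
        key, sep, value = line.strip().partition("=")
        if sep:
            fields[key] = value
    return fields


def ech_status(body):
    """Return (ok, reason) for one trace body."""
    fields = parse_trace(body)
    sni = fields.get("sni")
    if sni is None:
        return False, "no sni field: not a Cloudflare trace response?"
    if sni == "encrypted":
        return True, "ECH was used on this connection"
    tls = fields.get("tls")
    if tls != "TLSv1.3":
        # ECH is a TLS 1.3 extension; an older handshake cannot carry it.
        return False, f"sni={sni}; connection used {tls}, ECH needs TLS 1.3"
    return False, f"sni={sni}; ECH is off for the zone or this client did not offer it"


if __name__ == "__main__":
    samples = [("ech", SAMPLE_ECH), ("plain", SAMPLE_PLAIN), ("old-tls", SAMPLE_OLD_TLS)]
    for name, body in samples:
        print(name, ech_status(body))
```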
