https://blog.cloudflare.com/encrypted-sni/
So how come the original SNI couldn’t be encrypted before, but now it can? Where does the encryption key come from if client and server haven’t negotiated one yet?
(snip)
The server publishes a public key on a well-known DNS record, which can be fetched by the client before connecting
Simple is best.
But wait, DNS? For real?
(snip)
the introduction of DNS features such as DNS over TLS (DoT) and DNS over HTTPS (DoH), and of public DNS resolvers that provide those features to their users (such as Cloudflare’s own 1.1.1.1), DNS queries can now be encrypted and protected from the prying eyes of censors and trackers alike.
Lovely~