diff --git a/files/wstunnel-client b/files/wstunnel-client
index 39eca2e..1933e0f 100755
--- a/files/wstunnel-client
+++ b/files/wstunnel-client
@@ -52,6 +52,7 @@ TLS_CERTIFICATE=""
 TLS_PRIVATE_KEY=""
 DNS_RESOLVER=()
 DNS_RESOLVER_PREFER_IPV4=""
+TLS_ECH_ENABLE=""
 REVERSE_TUNNEL_CONNECTION_RETRY_MAX_BACKOFF=""
 
 # Function to trim whitespace
@@ -179,6 +180,9 @@ while IFS='=' read -r key value; do
         dns_resolver_prefer_ipv4)
             DNS_RESOLVER_PREFER_IPV4="$value"
             ;;
+        tls_ech_enable)
+            TLS_ECH_ENABLE="$value"
+            ;;
         reverse_tunnel_connection_retry_max_backoff)
             REVERSE_TUNNEL_CONNECTION_RETRY_MAX_BACKOFF="$value"
             ;;
@@ -228,6 +232,7 @@ for resolver in "${DNS_RESOLVER[@]}"; do
     CMD+=("--dns-resolver" "$resolver")
 done
 [ "$DNS_RESOLVER_PREFER_IPV4" = "true" ] && CMD+=("--dns-resolver-prefer-ipv4")
+[ "$TLS_ECH_ENABLE" = "true" ] && CMD+=("--tls-ech-enable")
 
 # Set environment variable for nb_worker_threads if specified
 if [ -n "$NB_WORKER_THREADS" ]; then
diff --git a/files/wstunnel.conf b/files/wstunnel.conf
index 6f3f2e1..fbdae42 100644
--- a/files/wstunnel.conf
+++ b/files/wstunnel.conf
@@ -163,3 +163,7 @@ websocket_ping_frequency = 30s
 ; The client follows an exponential backoff strategy until it reaches this maximum delay
 ; By default, the client tries to reconnect every 1 second
 ; reverse_tunnel_connection_retry_max_backoff = 1s
+
+; Enable ECH (encrypted sni) during TLS handshake to wstunnel server.
+; Warning: Ech DNS config is not refreshed over time. It is retrieved only once at startup of the program 
+; tls_ech_enable = flase
diff --git a/package.yml b/package.yml
index 44bf743..df54080 100644
--- a/package.yml
+++ b/package.yml
@@ -1,8 +1,8 @@
 name       : wstunnel
-version    : 10.4.1
-release    : 8
+version    : 10.4.2
+release    : 9
 source     :
-    - https://github.com/erebe/wstunnel/archive/refs/tags/v10.4.1.tar.gz : 976e8132cf4ed120d8db4b2304f500408938ab857ad025b6fbe7f60d4d306ab0
+    - https://github.com/erebe/wstunnel/archive/refs/tags/v10.4.2.tar.gz : dd421991399dbab1261a339958d0af77ec94d1a20f4faec1d8fd40bead0b8594
 homepage   : https://github.com/erebe/wstunnel
 license    : BSD-3-Clause
 component  : network.util