diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 2bd19e841e1..7a69401f877 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -338,6 +338,10 @@ type ConnectionState struct {
 	// accepted by the server.
 	ECHAccepted bool
 
+	// ECHOffered is set if the ECH extension is present in the ClientHello.
+	// This means the client has offered ECH or sent GREASE ECH.
+	ECHOffered bool
+
 	// CFControl is used to pass additional TLS configuration information to
 	// HTTP requests.
 	//
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index f3fc6d008b2..edf35ef7072 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -1475,6 +1475,7 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 	state.SignedCertificateTimestamps = c.scts
 	state.OCSPResponse = c.ocspResponse
 	state.ECHAccepted = c.ech.accepted
+	state.ECHOffered = c.ech.offered || c.ech.greased
 	state.CFControl = c.config.CFControl
 	if !c.didResume && c.vers != VersionTLS13 {
 		if c.clientFinishedIsFirst {