Encrypt that SNI: Firefox edition
Cloudflare has announced support for the Encrypted Server Name Indication (ESNI) TLS extension in collaboration with Mozilla. ESNI allows browsing of Cloudflare websites without leaking the plaintext SNI TLS extension to on-path observers such as ISPs, coffee-shop owners, and firewalls. To enable ESNI, users need to download and install the latest Firefox Nightly build or update their existing one. Additionally, they must enable support for DNS over HTTPS (DoH) in Firefox settings. The Browsing Experience Security Check page can be used to verify whether a browser is providing a secure browsing experience by using secure DNS transport, DNSSEC validation, TLS 1.3, and ESNI. Cloudflare's test page at https://encryptedsni.com checks for these features. Wireshark can also be used to see the encrypted SNI extension on the wire while visiting a website that supports ESNI.
Company
Cloudflare
Date published
Oct. 18, 2018
Author(s)
Alessandro Ghedini
Word count
1087
Hacker News points
None found.
Language
English