/plushcap/analysis/cloudflare/encrypt-that-sni-firefox-edition

Encrypt that SNI: Firefox edition

What's this blog post about?

Cloudflare has announced support for Encrypted Server Name Indication (ESNI) TLS extension in collaboration with Mozilla. ESNI allows browsing of Cloudflare websites without leaking the plaintext SNI TLS extension to on-path observers such as ISPs, coffee-shop owners, and firewalls. To enable ESNI, users need to download and install the latest Firefox Nightly build or update their existing one. Additionally, they must enable support for DNS over HTTPS (DOH) in Firefox settings. The Browsing Experience Security Check page can be used to verify if a browser is providing a secure browsing experience by using secure DNS transport, DNSSEC validation, TLS 1.3 & ESNI. Cloudflare's test page at https://encryptedsni.com checks for these features. The Wireshark tool can also be used to see the encrypted SNI extension on the wire while visiting a website that supports ESNI.

Company
Cloudflare

Date published
Oct. 18, 2018

Author(s)
Alessandro Ghedini

Word count
1087

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.