Disappointed to learn that @firefox and @Cloudflare's implementations of ESNI aren't compatible. Just checked, and despite enabling ESNI in Firefox, Cloudflare says I'm not using ESNI.
That shouldn’t be the case. Could be a problem with our checker. We’ve worked closely with Firefox/Mozilla throughout the process. Cc: @grittygrease
Replying to @eastdakota @encthenet and
It should be enabled. Have you tried checking with Wireshark? Send me an email, we’ll debug.
Replying to @grittygrease @eastdakota and
Could there be an issue with incognito mode? I'll grab a pcap and email it to you.
Replying to @encthenet @eastdakota and
Make sure you have DoH enabled too.
Replying to @grittygrease @encthenet and
Is ESNI supposed to work if I use my own DoH server? Cloudflare ESNI checker with Firefox 67.0.4 says no :-(
Replying to @fanf @grittygrease and
Is ESNI supposed to work if DoH is used system-wide (even using Cloudflare as a resolver) instead of just configured in Firefox?
Replying to @jedisct1 @grittygrease and
I got esni working (I needed to fiddle with about:config) but I have configured Firefox to use my DoH server directly - Firefox assumes DNS is insecure and refuses to ESNI if it is not doing its own DoH
And that is not great. Firefox should at least have a configuration flag to say “the system resolver is secure, other clients than Firefox exist, you know”.
Replying to @jedisct1 @grittygrease and
I think ESNI should be on regardless, because SNI exposes host names to more third parties than DNS does
Yeah, good point. SNI exposes it to everyone along the path, while if you're using a local resolver, could be less and it could be along a different path.