Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
On Fri, Jan 4, 2019 at 7:47 PM wrote:
> Is this already implemented?

Yes, it works in current Firefox 64 and Nightly, but you have to manually activate ESNI and DNS-over-HTTPS in about:config.

> [1] is not yet fixed and [2] does not work for me with current Nightly.
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1494901
> [2] https://www.cloudflare.com/ssl/encrypted-sni/
>

Alexander Venedioukhin

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
Is this already implemented? [1] is not yet fixed and [2] does not work for me with current Nightly.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1494901
[2] https://www.cloudflare.com/ssl/encrypted-sni/

On 04.01.19 at 17:13, Hubert Kario wrote:
> On Thursday, 3 January 2019 11:45:25 CET Alexander Venedioukhin (lists) wrote:
>> Hello,
>>
>> I'm implementing ESNI (encrypted SNI, current draft 02) server-side.
>> It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the
>> server sends HelloRetryRequest during handshake. In latter case
>> Firefox responds with plain text SNI extension (same hostname) in
>> second ClientHello, instead of ESNI. Still, handshake successfully
>> finishes. Is it intended behavior?
>
> that sounds to me like a question to the IETF TLS mailing list
>

Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
On Thursday, 3 January 2019 11:45:25 CET Alexander Venedioukhin (lists) wrote:
> Hello,
>
> I'm implementing ESNI (encrypted SNI, current draft 02) server-side.
> It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the
> server sends HelloRetryRequest during handshake. In latter case
> Firefox responds with plain text SNI extension (same hostname) in
> second ClientHello, instead of ESNI. Still, handshake successfully
> finishes. Is it intended behavior?

that sounds to me like a question to the IETF TLS mailing list

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic

TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
Hello,

I'm implementing ESNI (encrypted SNI, current draft 02) server-side. It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the server sends HelloRetryRequest during handshake. In latter case Firefox responds with plain text SNI extension (same hostname) in second ClientHello, instead of ESNI. Still, handshake successfully finishes. Is it intended behavior?

Alexander Venedioukhin
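
A server-side check for the behaviour reported in this thread, as an added example that is not from any of the posters or from NSS: it parses the extension list of both ClientHello bodies and flags a handshake where ESNI was offered first but a plaintext server_name appears after HelloRetryRequest. The function names and sample bytes are constructed for illustration; 0xffce is the encrypted_server_name codepoint from draft-ietf-tls-esni-02.

```python
import struct

EXT_SERVER_NAME = 0x0000   # plaintext SNI (RFC 6066)
EXT_ESNI = 0xFFCE          # encrypted_server_name, draft-ietf-tls-esni-02

def client_hello_extensions(body: bytes) -> set:
    """Return the extension types in a ClientHello handshake body
    (the bytes after the 4-byte handshake header)."""
    pos = 2 + 32                                        # legacy_version + random
    pos += 1 + body[pos]                                # legacy_session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]                                # compression methods
    (ext_total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ext_total
    if end > len(body):
        raise ValueError("truncated extensions block")
    types = set()
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4 + ext_len
        if pos > end:
            raise ValueError("extension overruns block")
        types.add(ext_type)
    return types

def sni_leaked_after_hrr(first: bytes, second: bytes) -> bool:
    """True if the first ClientHello used ESNI without plaintext SNI but the
    ClientHello sent after HelloRetryRequest carries plaintext server_name."""
    e1, e2 = client_hello_extensions(first), client_hello_extensions(second)
    return EXT_ESNI in e1 and EXT_SERVER_NAME not in e1 and EXT_SERVER_NAME in e2

def build_hello(exts):
    """Constructed test input: minimal ClientHello body with (type, data) extensions."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return (b"\x03\x03" + bytes(32) + b"\x00"        # version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"      # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)

# Constructed samples; the ESNI payload is a placeholder, not real ESNI data.
SNI = (EXT_SERVER_NAME, b"\x00\x0e\x00\x00\x0bexample.com")
VERSIONS = (0x002B, b"\x02\x03\x04")                 # supported_versions: TLS 1.3
CH1 = build_hello([(EXT_ESNI, b"\x00" * 8), VERSIONS])
CH2_PLAIN = build_hello([SNI, VERSIONS])             # behaviour described in the thread
CH2_ESNI = build_hello([(EXT_ESNI, b"\x00" * 8), VERSIONS])
```

In a server, the two inputs would be the handshake bodies of the ClientHello received before and after the HelloRetryRequest, so the condition can be logged or the handshake aborted.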