Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
On Fri, Jan 4, 2019 at 7:47 PM wrote: > Is this already implemented? Yes, it works in current Firefox 64 and Nightly, but you have to manually activate ESNI and DNS-over-HTTPS in about:config. > [1] is not yet fixed and [2] does not work for me with current Nightly. > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1494901 > [2] https://www.cloudflare.com/ssl/encrypted-sni/ > Alexander Venedioukhin -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
Hello, I'm implementing ESNI (encrypted SNI, current draft 02) server-side. It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the server sends HelloRetryRequest during handshake. In latter case Firefox responds with plain text SNI extension (same hostname) in second ClientHello, instead of ESNI. Still, handshake successfully finishes. Is it intended behavior? Alexander Venedioukhin -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto