Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly

2019-01-05 Thread Alexander Venedioukhin (lists)
On Fri, Jan 4, 2019 at 7:47 PM  wrote:
> Is this already implemented?

Yes, it works in current Firefox 64 and Nightly, but you have to
manually activate ESNI and DNS-over-HTTPS in about:config.

> [1] is not yet fixed and [2] does not work for me with current Nightly.
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1494901
> [2] https://www.cloudflare.com/ssl/encrypted-sni/
>

Alexander Venedioukhin
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly

2019-01-04 Thread sjw
Is this already implemented?
[1] is not yet fixed and [2] does not work for me with current Nightly.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1494901
[2] https://www.cloudflare.com/ssl/encrypted-sni/


On 04.01.19 at 17:13, Hubert Kario wrote:
> On Thursday, 3 January 2019 11:45:25 CET Alexander Venedioukhin (lists) wrote:
>> Hello,
>>
>> I'm implementing ESNI (encrypted SNI, current draft 02) server-side.
>> It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the
>> server sends HelloRetryRequest during handshake. In the latter case
>> Firefox responds with plain text SNI extension (same hostname) in
>> second ClientHello, instead of ESNI. Still, handshake successfully
>> finishes. Is it intended behavior?
> 
> that sounds to me like a question to the IETF TLS mailing list


Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly

2019-01-04 Thread Hubert Kario
On Thursday, 3 January 2019 11:45:25 CET Alexander Venedioukhin (lists) wrote:
> Hello,
> 
> I'm implementing ESNI (encrypted SNI, current draft 02) server-side.
> It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the
> server sends HelloRetryRequest during handshake. In the latter case
> Firefox responds with plain text SNI extension (same hostname) in
> second ClientHello, instead of ESNI. Still, handshake successfully
> finishes. Is it intended behavior?

that sounds to me like a question to the IETF TLS mailing list

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
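
For anyone who wants to check a captured handshake for the behaviour reported at the start of this thread (ESNI in the first ClientHello, plain text SNI in the one sent after HelloRetryRequest), here is an added example; it is not code from any participant in the thread or from NSS. It assumes each input is a ClientHello handshake message with the record header already stripped and uses 0xffce, the encrypted_server_name codepoint from draft-ietf-tls-esni-02; the sample messages and the hostname example.test are constructed for illustration.

```python
import struct

EXT_SERVER_NAME = 0x0000            # cleartext SNI (RFC 6066)
EXT_ENCRYPTED_SERVER_NAME = 0xFFCE  # ESNI codepoint in draft-ietf-tls-esni-02

def client_hello_extensions(msg: bytes) -> dict:
    """Return {ext_type: ext_data} for a ClientHello handshake message."""
    if msg[:1] != b"\x01":
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    try:
        pos = 2 + 32                                         # legacy_version + random
        pos += 1 + body[pos]                                 # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression methods
    except IndexError:
        raise ValueError("truncated ClientHello")
    end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
    pos += 2
    exts = {}
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def cleartext_sni(exts: dict):
    """Hostname from the server_name extension, or None if it is absent."""
    data = exts.get(EXT_SERVER_NAME)
    if not data:
        return None
    # ServerNameList layout: list_len(2) | name_type(1) | name_len(2) | name
    return data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii", "replace")

def sni_leak_after_retry(first: bytes, second: bytes):
    """Hostname exposed in the second ClientHello when the first one used ESNI."""
    if EXT_ENCRYPTED_SERVER_NAME in client_hello_extensions(first):
        return cleartext_sni(client_hello_extensions(second))
    return None

def sample_hello(ext_type: int, ext_data: bytes) -> bytes:
    """Constructed minimal ClientHello with one extension (not a real capture)."""
    ext = struct.pack("!HH", ext_type, len(ext_data)) + ext_data
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

HOST = b"example.test"  # placeholder hostname
CH1 = sample_hello(EXT_ENCRYPTED_SERVER_NAME, bytes(16))  # opaque filler, not valid ESNI
CH2 = sample_hello(EXT_SERVER_NAME, struct.pack("!HBH", len(HOST) + 3, 0, len(HOST)) + HOST)
```

sni_leak_after_retry(CH1, CH2) returns the exposed hostname for the constructed pair and None when the second ClientHello carries no cleartext SNI.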
