Support ESNI on All of Cloudflare-Enabled Sites #722

Closed
ameshkov opened this issue Feb 11, 2019 · 4 comments

Comments

@ameshkov
Member

@DitFranXX commented on Mon Feb 11 2019

This is a feature request. CC: https://blog.cloudflare.com/encrypted-sni/ https://encryptedsni.com/

All CF-enabled domains have ESNI enabled by default. Also, Firefox has an ESNI implementation, which can be enabled by setting network.security.esni.enabled to true (but it does not work with AdGuard with HTTPS Filtering, because the site cert is from the AdGuard Personal CA instead of Cloudflare's cert).

Maybe this is an issue with something called CoreLibs.

Steps to reproduce

  1. Access any Cloudflare-enabled domain with the /cdn-cgi/trace path
  2. Access https://encryptedsni.com/

Expected behavior

  1. sni=encrypted
  2. SNI section has green check mark.

Actual behavior

  1. sni=plaintext
  2. SNI section has red X mark.

Your environment

  • All HTTPS Filtering-capable environments (Windows, Mac, and Android)

@ameshkov
Member Author

ameshkov commented Feb 11, 2019

@DitFranXX

We actually have another issue about it, but most likely we will have to split it into smaller tasks: #553

Supporting Cloudflare's draft implementation would be a good first step.

@DitFranXX

It's been 7 months. CoreLibs is now at 1.5. High priority, and the milestone is targeting 1.4. When will this feature be implemented?

@ameshkov
Member Author

@DitFranXX

The milestone was set to v2.0, I don't know why in the GH history it shows v1.4.

The first prerequisite is to start supporting DNS filtering and DNS encryption in desktop AdGuard products, which is a huge task by itself. We cannot rely on plain DNS in ESNI.

Only after that, we can start working on ESNI. The problem is that the work on the ESNI specification draft is still a work-in-progress, and it seems that supporting the draft version by Firefox and Cloudflare does not make much sense now.

@sfionov
Member

sfionov commented Mar 26, 2023

Closing as a duplicate of #1565, which is already done.
