MozillaZine

Encrypted SNI

User Help for Mozilla Firefox
unbob
 
Posts: 91
Joined: December 13th, 2007, 9:43 am

Post Posted October 2nd, 2019, 9:05 am

Running FF v69.0.1. When running the Cloudfare 'Browsing Experience Security Check' (https://www.cloudflare.com/ssl/encrypted-sni/), the 'Encrypted SNI' test fails:

Image

Can anyone here confirm that FF does not support 'Encrypted SNI'?

kerft
 
Posts: 506
Joined: January 30th, 2019, 9:38 am

Post Posted October 2nd, 2019, 9:16 am

Firefox supports encrypted sni, but it is not on by default. At url about:config set network.security.esni.enabled to true. More detail is here https://blog.cloudflare.com/encrypt-tha ... x-edition/

unbob
 
Posts: 91
Joined: December 13th, 2007, 9:43 am

Post Posted October 2nd, 2019, 10:35 am

kerft wrote:Firefox supports encrypted sni, but it is not on by default. At url about:config set network.security.esni.enabled to true. More detail is here https://blog.cloudflare.com/encrypt-tha ... x-edition/
Thanks for that info. I set network.security.esni.enabled to true. Unfortunately, the Cloudfare security check still fails the 'Encrypted SNI' test.

So, either the test is flawed or the FF config setting does not work.

dickvl

User avatar
 
Posts: 52840
Joined: July 18th, 2005, 3:25 am

Post Posted October 2nd, 2019, 1:30 pm

Works for me in Firefox 69 with the esni pref enabled.
network.security.esni.enabled = true

Encrypted SNI
Your browser encrypted the SNI when visiting this page.

Nobody listening on the wire can see the website you made a TLS connection to.

With the pref set to false I got that the SNI wasn't encrypted (a Fx restart wasn't necessary).
network.security.esni.enabled = false

Encrypted SNI
Your browser did not encrypt the SNI when visiting this page.

Anybody listening on the wire can see the exact website you made a TLS connection to.

unbob
 
Posts: 91
Joined: December 13th, 2007, 9:43 am

Post Posted October 2nd, 2019, 8:47 pm

dickvl wrote:Works for me in Firefox 69 with the esni pref enabled.
network.security.esni.enabled = true


Nope, still not working for me. Restarted FF but that didn't help. So, doesn't work for everyone.

Brummelchen
 
Posts: 4601
Joined: March 19th, 2005, 10:51 am

Post Posted October 3rd, 2019, 12:52 am

failure here too (v70 esni enable) - but: need to disable umatrix/ublock to get a result, otherwise nothing.
guess whom i trust more when cloudflare is blocked here in parts.

Return to Firefox Support


Who is online

Users browsing this forum: Google [Bot] and 10 guests