Adguardhome: Encrypted SNI

Created on 16 May 2020  ·  3 Comments  ·  Source: AdguardTeam/AdGuardHome

Problem Description

Please consider adding support for Encrypted SNI in Adguard Home (if applicable).

I'm no network engineer so I don't know if it even applies, but it would be nice if it could be implemented.

CloudFlare's Reference: https://blog.cloudflare.com/encrypted-sni/
CloudFlare's Test Page: https://www.cloudflare.com/ssl/encrypted-sni/

question

All 3 comments

For your own queries do you mean? Surely eSNI is already supported. I get _esni queries answered in my query log all the time, and Cloudflare confirms my connections include encrypted SNI.

Added to that, my ISP blocks torrent sites (court order, UK) but with eSNI enabled in Firefox, and AGH set to use a capable upstream (i.e. Cloudflare), I can load the sites no problems even without a VPN (because the ISP can't see what I'm connecting to, as both DNS and SNI are encrypted). Add Cloudflare as your upstream and, in Firefox's about:config, set network.security.esni.enabled to true. Third, and finally, you must have encrypted DNS over HTTPS set up in Firefox (either via Preferences or about:config).

ESNI standard is far from being out of the draft state. FF and Cloudflare have implemented some old draft which is rather far from the current state of the spec.

Anyways, we can only implement this when ESNI is finalized and supported by Golang, and this is not the case yet.
