#60
Right, with FF 85.0 I started getting this:
Ideas - before I jump on it?
Found this in the meantime:
Encrypted Client Hello: the future of ESNI in Firefox - Mozilla Security Blog
But to no avail (and network.security.esni.enabled option is still present in my FF config)
From Memory:
Change DNS in windows to Cloudflare. Also check Post #11
And:
Encrypt that SNI: Firefox edition
Check if your browser uses Secure DNS, DNSSEC, TLS 1.3, and Encrypted SNI - gHacks Tech News
That's all been put in place before and was fine - as per my earlier posts here. FF 85.0 seemingly broke something and I cannot figure out what...
Firefox 85 has dropped ESNI and implemented the draft ECH standard in its place (it is disabled by default). Unfortunately, on the server side, nobody has implemented ECH yet, including Cloudflare.
So it is all broke for now until servers implement ECH, and they are probably waiting for the next draft or finalization of the standard.
Thanks - and: yup, that's what I gather based on the link I found earlier:
Encrypted Client Hello: the future of ESNI in Firefox - Mozilla Security Blog
I faffed with these settings - to no avail...
"Users that have previously enabled ESNI in Firefox may notice that the about:config option for ESNI is no longer present. Though we recommend that users wait for ECH to be enabled by default, some may want to enable this functionality earlier. This can be done in about:config by setting network.dns.echconfig.enabled and network.dns.use_https_rr_as_altsvc to true, which will allow Firefox to use ECH with servers that support it. While ECH is under active development, its availability may be intermittent as it requires both the client and server to support the same version."
Also, as I wrote earlier: ESNI settings are still present within my FF configuration.
So another hasty and messy release, I gather.
Yeah, one step forward, two backwards... or is this the other way around? I forget...
Very few of their users are even aware of this though, and so I expect they weighed that against getting moving ahead with a standard. One thing I am confident of though - it would be a very difficult thing for Mozilla to support both ESNI and ECH code in the same release. For all we know, Cloudflare will implement ECH before the next Firefox release, then we'd complain about Firefox not having it. LOL