Does cloudflared support TLS1.3 and encrypted SNI?

I’m now using your new feature, SSH over Argo Tunnel, everyday. This involves using Cloudflared as a proxy command of SSH.

According to my packet capture, it only uses TLS1.2 when communicating with your servers. Which effectively leaks the server DNS name if someone else is capturing network traffic.

So does Cloudflared support TLS1.3 and encrypted SNI? If not, could you please implement it to make it more likely to replace VPN service in high security level applications?

I believe the supported TLS 1.3 draft revision is old (i’m unfamiliar with this), but it is supported.

And I believe eSNI is supported, might be available on firefox or firefox nightly

Note that I’m talking about Cloudflared, not the Cloudflare website.

This topic was automatically closed after 30 days. New replies are no longer allowed.