So I know recently ESNI has evolved into ECH. Firefox’s new build (Firefox 85) allows this feature to be enabled by using these steps: This can be done in about:config by setting network.dns.echconfig.enabled and network.dns.use_https_rr_as_altsvc to true, which will allow Firefox to use ECH with servers that support it.
The problem is, when I try and test the browser security check found here: Cloudflare Browser Check
It shows a big RED X next to “Encrypted SNI”, and states “Your browser did not encrypt the SNI when visiting this page.”
As a side note, I did just setup ipv6 on my router. Not sure if this matters at all? I did verify I’m on Firefox 85, but maybe that’s part of the issue? Does Firefox 85 no longer support this Cloudflare ESNI Checker to pass with all green checkmarks? Thanks for the help.
Firefox 85 replaces ESNI with ECH draft-08, and another update to draft-09 (which is targeted for wider interoperability testing and deployment) is forthcoming.
Cloudflare Browser Check is specific to ESNI so it is expected that Firefox 85 and newer with ECH instead of ESNI would fail this test.
Hello. I’m using firefox 85.0.2. The esni property has been removed. after network.dns.echconfig.enabled and network.dns.use_https_rr_as_altsvc enabled. but Cloudflare Browser Check Encrypted SNI appears passive at this address. not working.