Encrypted SNI on Google Chrome?

Hi guys, Google Chrome or Safari don’t support ESNI (encrypted SNI) yet?

I’m correctly using 1.1.1.1 and DNS over HTTPS on my MacBook (via the Cloudflared proxy), but I don’t know how to use Encrypted SNI on my laptop or in the Chrome browser. That is the last security check left on https://www.cloudflare.com/ssl/encrypted-sni/

2 Likes

By switching to Firefox 🙂

Google simply does not support it at this point, so Firefox is your best bet.

3 Likes

eSNI is still an evolving standard, Firefox and Cloudflare just decided to implement a draft before the standard was finalized. Chrome will likely implement it as soon as it’s finalized.

https://crbug.com/908132

You can track the standard at https://datatracker.ietf.org/doc/draft-ietf-tls-esni/

This will stay as the “solution” until Chrome implements it.

3 Likes

I’d like to add that eSNI is going to be a huge issue in terms of rollout. Chrome is used everywhere from schools to enterprises and they would not be happy if their internet filtering software stopped working overnight. I imagine we’ll see a rollout like DoH where any managed policies set up on the device will prevent the user from enabling eSNI.

I don’t think these use cases should serve as a reason not to roll it out or to delay it. The very idea of encryption in these contexts is to prevent third parties from eavesdropping. If they want filtering, they should do it openly and install adequate software on the clients.

I hope not, the only hurdle is BYOD which can’t really be solved in a secure manner since the router doing SNI filtering looks the same as the ISP/gov doing SNI filtering.

Chrome still doesn’t support ESNI?
How about the betas? Nightlies? Canaries? Roadmap?

Neither Chrome support it