Firefox first to support ESNI

Hats off to Mozilla and Cloudflare!

6 Likes

I’ve been using Nightly 64 for at least a week for ESNI. Why all the hubbub all of a sudden?

1 Like

From what I could gather they must have enabled it in the build of October 10, at least for Windows.

The key sentence is

First, you need to make sure you have DNS over HTTPS enabled. Once you’ve done that, you also need to set the “network.security.esni.enabled” preference in about:config to “true”.

Though I don’t understand why it would require DNS over HTTPS. I guess that’s not required for ESNI per se, but just to have the channel encrypted as well.

What’s this do, in lay terms? Is this so the domain of the site you’re trying to access is encrypted also?

Basically it is something like HTTP’s host header, for TLS though. It specifies which certificate should be used for the current TLS session. That part was unencrypted so far.

Correct. ESNI provides a “pre-encryption key” for that domain so you don’t have to send the host name to the web server in plain text in order to start the TLS session.
