Secure SNI on DNS over TLS?

While using Cloudflare DNS and checking on , the SNI comes up as crossed (x). The rest of the parameters are green.
These are the parameters I am using in my router: server-tls -host-name:

Does this mean SNI is not encrypted? Do I need to make any changes for SNI encryption to be enabled?

Here’s a primer:

The bottom line is it’s not yet an official standard, and requires client support, but it’s in the works.

Thanks. I further tried using Cloudflare DNS over HTTPS. server-https :443 The same test suggests SNI is unencrypted.
Is it right to say that while DoT and DoH are secure transmissions, they do not ensure full privacy because of SNI not being encrypted?

Yes. Basically, the loss of privacy (i.e., exactly which site you are visiting) occurs when visiting servers that host more than one site, which of course is not uncommon. On servers that only host one site, there is no privacy lost because the fact that you visited that IP address is not private, and a reverse IP lookup would reveal the actual site you visited.
