https://blog.gslin.org/archives/2026/03/04/12913/ech-%e8%ae%8a%e6%88%90-standards-track-%e4%ba%86/
ECH Has Become Standards Track
#client #clienthello #ech #encrypted #encryption #esni #header #hello #https #rfc #ssl #standards #tls #track
Just found out that you can get #ESNI ^W #ECH #DNS queries working in #Firefox without having to run my own DNS over HTTPS server.
Just set network.dns.native_https_query to true. Bonus points for network.dns.preferIPv6 to make it stop preferring #IPv4 for some reason.
You obviously have to find a way of getting DNS traffic in and out of your network safely. I spread it out over a couple of servers that I host.
We had lots of queries on why TLS ECH is not good/good, so shedding some light on why it was conceived.
(formerly called Encrypted SNI #ESNI)
We've added more info on a use case for #TLS Encrypted ClientHello #ECH in our blog post on how to disable it for Google Chrome. The paper that studies "to prevent censors from learning the server names" is now cited 👇 https://chasersystems.com/blog/disabling-encrypted-clienthello-in-google-chrome-and-why/ Image from: china-briefing[.]com
Google Chrome v117 turned on TLS Encrypted ClientHello by default (on 27 Sep?) This will impact the effectiveness and accuracy of outbound traffic filtering* - for those who've implemented it (regardless of vendor.) We've written a short blog post on disabling it with PowerShell, Windows Registry and Google Chrome UI for those who may need to roll this out ASAP and regain visibility. (Disclosure: we are a vendor of an outbound filtering solution and this has impacted our customers already.)
*for many websites, the domain name visibility during an HTTPS handshake will no longer be available to firewalls/proxies (unless they were terminating.)
https://chasersystems.com/blog/disabling-encrypted-clienthello-in-google-chrome-and-why/
💬 "Encrypted Client Hello, a new proposed standard that prevents networks from snooping on which websites a user is visiting, is now available on all Cloudflare plans."
❓ How does the internet like this?
Links for further reading:
The Cloudflare blog: Encrypted Client Hello - the last puzzle piece to privacy
https://blog.cloudflare.com/announcing-encrypted-client-hello/
gHacks: The End of DNS-based Site Blocking is near
https://www.ghacks.net/2023/10/07/the-end-of-dns-based-site-blocking-is-near/
#Cloudflare #ECH #EncryptedClientHello #ServerNameIndication #SNI #ESNI #Security #TLS
We're excited to announce a contribution to improving privacy for everyone on the Internet. Encrypted Client Hello, a new standard that prevents networks from snooping on which websites a user is visiting, is now available on all Cloudflare plans.
Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking
https://torrentfreak.com/encrypted-client-hello-ech-effectively-defeats-pirate-site-blocking-231006/
#encryptedclienthello #siteblocking #Cloudflare #Piracy #esni #ECH
In previous podcast episodes we have explained how the importance of using VPN services on public Wi-Fi networks has decreased. In this week's episode we explain why "encrypted greetings" reduce the need even further (in the long run).