ESNI configuration option not working
Categories
(Core :: Networking, enhancement)
People
(Reporter: maxh, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3817.0 Safari/537.36
Steps to reproduce:
With network.security.esni.enabled set to true, I used Cloudflare's ESNI check service.
Actual results:
The service reports that Firefox did not encrypt the SNI.
Expected results:
Firefox should encrypt the SNI.
Try setting network.trr.mode to 2 or 3.
source:
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
Comment 2•5 years ago (Reporter)
That does work. I would argue, though, that it should not be required. My computer is already set up to use DNS over TLS directly — why do I need to add an HTTP layer to DNS requests to be able to encrypt the SNI?
Comment 3•5 years ago
Valentin, can you please elaborate on what is expected here?
Comment 4•5 years ago
(In reply to Max Harmony from comment #2)
> That does work. I would argue, though, that it should not be required. My computer is already set up to use DNS over TLS directly — why do I need to add an HTTP layer to DNS requests to be able to encrypt the SNI?
See bug 1542754 comment 3
At the moment Firefox can only resolve TXT records using TRR (DoH), so that is required in order for ESNI to work.
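The pref dependency described in this thread can be checked mechanically. The following is an added example, not part of the bug report or of Firefox's code: it parses the text of a prefs.js/user.js file and reports whether ESNI can take effect. The function names `parse_prefs` and `esni_status` and the defaults used for unset prefs are assumptions of this example.

```python
import json
import re

# Matches one user_pref("name", value); line of a prefs.js / user.js file.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Assumed values for prefs that the file does not set (assumption of this example).
ASSUMED_DEFAULTS = {"network.security.esni.enabled": False, "network.trr.mode": 0}


def parse_prefs(text):
    """Return {pref_name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref(...)
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw  # keep the unparsed text rather than guessing
    return prefs


def esni_status(prefs):
    """Return (effective, reason) for the ESNI/TRR combination from the thread."""
    merged = {**ASSUMED_DEFAULTS, **prefs}
    if merged["network.security.esni.enabled"] is not True:
        return False, "network.security.esni.enabled is not true"
    if merged["network.trr.mode"] not in (2, 3):
        return False, "ESNI enabled but network.trr.mode is not 2 or 3 (no TRR for the TXT lookup)"
    return True, "ESNI enabled and TRR (DoH) available for the TXT lookup"


# Constructed sample input: the reporter's original setup, then the suggested fix.
REPORTED = 'user_pref("network.security.esni.enabled", true);\n'
FIXED = REPORTED + '// suggested in the thread\nuser_pref("network.trr.mode", 2);\n'

if __name__ == "__main__":
    for label, text in (("reported", REPORTED), ("fixed", FIXED)):
        print(label, esni_status(parse_prefs(text)))
```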