Closed Bug 1590642 Opened 5 years ago Closed 5 years ago

ESNI and https proxy does not work correctly

Categories

(Core :: Networking: HTTP, defect, P2)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: dragana, Assigned: dragana)

References

Details

(Whiteboard: [necko-triaged])

We should use ESNI for the tunneled connection, but we do not.

Isn't it happening only for 'be conservative' marked requests?

(In reply to Honza Bambas (:mayhemer) from comment #1)

Isn't it happening only for 'be conservative' marked requests?

It is a different issue. We use esni for the connection to the proxy but not to the end host. We need to fetch esni record for the proxy and for the end host and add the second one to the tls connection inside the tunnel.

Blocks: 1590863

Aha, thanks. It was not clear neither from the title nor comment 0.

Thinking about this this will get a bit complex. without proxy eesni quesry and IP address query are 2 separate queries, but the server behind the ip address should have the keys received by the esni query. This get sometimes challenging to achieve. Now with proxy one query (ip address) is made by the proxy and the other from browser. 2 queries may hit very different dns servers. Maybe we will need to proxy TRR connection as well.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.