QUIC , ECH & TLSv1.3 parallelism

I had some question regarding QUIC / ECH, which could also be browser (firefox) dependent. I will make a thread to not clutter general
4 Replies
poiasd
poiasdOP3y ago
poiasd
poiasdOP3y ago
I enabled HTTP3, ECH etc. in firefox, and was trying to visit a website behind cloudflare (in this case https://1337x [dot] to) My main "research" (just hobby investigation) is around SNI leakage, and I remember back when ESNI was a thing it worked flawlessly With ECH though, if I'm not mistaken it only works on QUIC However, when I navigate to the website for the "first time" (via private window), There is both an initial QUIC connection, as well as a TLSv1.3 (over TCP) connection. As a result, the domain is leaked via SNI in the TLSv1.3 ClientHello. However the end website does support QUIC, so all the actual data transfer / page loading happens over that My question is - can Cloudflare do anything to "fix" this? Or is it more of a "firefox" thing, and the browser needs to "wait" longer after the QUIC attempt before falling back to TLS/TCP?
poiasd
poiasdOP3y ago
Actually now that I look at it, seems the QUIC ClientHello can be "decrypted" MiTM which also exposes the SNI
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
Want results from more Discord servers?
Add your server