poiasd
Cloudflare Developers
•Created by poiasd on 8/8/2023 in #general-help
ECH Support news?
Just wondering since ESNI for some time provided mitigations against SNI (even if behind extra flags), just unfortunate to have lost that
5 replies
Cloudflare Developers
•Created by poiasd on 8/8/2023 in #general-help
ECH Support news?
Yeah that was the one I looked at as well, but already 1.5 years old 😄
I get that ECH isn't even official yet iirc (still draft)
5 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
9 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
My question is - can Cloudflare do anything to "fix" this? Or is it more of a "firefox" thing, and the browser needs to "wait" longer after the QUIC attempt before falling back to TLS/TCP?
9 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
As a result, the domain is leaked via SNI in the TLSv1.3 ClientHello. However the end website does support QUIC, so all the actual data transfer / page loading happens over that
9 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
However, when I navigate to the website for the "first time" (via private window), there is both an initial QUIC connection, as well as a TLSv1.3 (over TCP) connection.
9 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
With ECH though, if I'm not mistaken it only works on QUIC
9 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
My main "research" (just hobby investigation) is around SNI leakage, and I remember back when ESNI was a thing it worked flawlessly
9 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
I enabled HTTP3, ECH etc. in firefox, and was trying to visit a website behind cloudflare (in this case https://1337x [dot] to)
9 replies
Cloudflare Developers
•Created by poiasd on 11/27/2022 in #general-discussions
QUIC, ECH & TLSv1.3 parallelism
9 replies