https://community.checkpoint.com/t5/General-Topics/What-are-the-implications-of-the-Encrypted-SNI-During-TLS/m-p/29224#M5986 <HTML><HEAD></HEAD><BODY><P>Well, it did not take long for this to move from theoretical to practical issues:</P><P><A class="link-titled" href="https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/" title="https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/">https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/</A>&nbsp;</P><P></P><P>Firefox now supports encrypted SNI.</P></BODY></HTML> Sat, 20 Oct 2018 15:22:35 GMT Vladimir 2018-10-20T15:22:35Z https://community.checkpoint.com/t5/General-Topics/What-are-the-implications-of-the-Encrypted-SNI-During-TLS/m-p/29222#M5984 <HTML><HEAD></HEAD><BODY><P>The SNI has been a major pain for HTTPS inspection for quite a while and I was told that CP is working on it.</P><P>Today I am seeing the article about CloudFlare implementing&nbsp;Encrypted SNI During TLS Negotation:</P><P><A class="link-titled" href="https://www.bleepingcomputer.com/news/security/cloudflare-improves-privacy-by-encrypting-the-sni-during-tls-negotation/" title="https://www.bleepingcomputer.com/news/security/cloudflare-improves-privacy-by-encrypting-the-sni-during-tls-negotation/">Cloudflare Improves Privacy by Encrypting the SNI During TLS Negotation</A>&nbsp;</P><P></P><P>Can anyone chime in on how this will impact our ability to use HTTPS inspection?</P></BODY></HTML> Mon, 24 Sep 2018 13:54:09 GMT https://community.checkpoint.com/t5/General-Topics/What-are-the-implications-of-the-Encrypted-SNI-During-TLS/m-p/29222#M5984 Vladimir 2018-09-24T13:54:09Z https://community.checkpoint.com/t5/General-Topics/What-are-the-implications-of-the-Encrypted-SNI-During-TLS/m-p/29223#M5985 <HTML><HEAD></HEAD><BODY><P>I don't see this having a lot of impact initially, given that browsers will also need to support this and the spec is draft.</P><P>It will definitely be something we have to track going forward.</P><P></P><P>I can see this being problematic in situations where HTTPS Categorization is done, where SNI is the only way you can figure out what&nbsp;service the end user is truly accessing.&nbsp;</P></BODY></HTML> Tue, 25 Sep 2018 00:29:11 GMT https://community.checkpoint.com/t5/General-Topics/What-are-the-implications-of-the-Encrypted-SNI-During-TLS/m-p/29223#M5985 PhoneBoy 2018-09-25T00:29:11Z https://community.checkpoint.com/t5/General-Topics/What-are-the-implications-of-the-Encrypted-SNI-During-TLS/m-p/29224#M5986 <HTML><HEAD></HEAD><BODY><P>Well, it did not take long for this to move from theoretical to practical issues:</P><P><A class="link-titled" href="https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/" title="https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/">https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/</A>&nbsp;</P><P></P><P>Firefox now supports encrypted SNI.</P></BODY></HTML> Sat, 20 Oct 2018 15:22:35 GMT https://community.checkpoint.com/t5/General-Topics/What-are-the-implications-of-the-Encrypted-SNI-During-TLS/m-p/29224#M5986 Vladimir 2018-10-20T15:22:35Z