cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Vladimir
Pearl

Impact of upcoming ESNI with TLS 1.3 on App Control and URLF

Just stumbled on this article: Don't panic about domain fronting, an SNI fix is getting hacked out • The Register 

and wanted to get some feedback from Check Point gurus on how this will be addressed.

There are already issues with SNI and SSL inspection, what is being done to address those as well as ESNI?

3 Replies
Admin
Admin

Re: Impact of upcoming ESNI with TLS 1.3 on App Control and URLF

This is something that is on our radar for sure.

As to the specifics, it's probably too soon to say.

0 Kudos

Re: Impact of upcoming ESNI with TLS 1.3 on App Control and URLF

Google will be enforcing TLS 1.3 with their web sites with Chrome 72. This will impact primarily SSL inspection.

Also CloudFlare announced their support for ESNI. This will impact AppControl and other blades.

My personal impression is that it will become more and more important to push the security envelope towards the clients.

0 Kudos
Vladimir
Pearl

Re: Impact of upcoming ESNI with TLS 1.3 on App Control and URLF

And just to make things more interesting, there is now a DNS over HTTPS RFC 8484:

RFC 8484 - DNS Queries over HTTPS (DoH)