cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Vladimir
Pearl

What are the implications of the Encrypted SNI During TLS Negotation?

The SNI has been a major pain for HTTPS inspection for quite a while and I was told that CP is working on it.

Today I am seeing the article about CloudFlare implementing Encrypted SNI During TLS Negotation:

Cloudflare Improves Privacy by Encrypting the SNI During TLS Negotation 

Can anyone chime in on how this will impact our ability to use HTTPS inspection?

Tags (2)
2 Replies
Admin
Admin

Re: What are the implications of the Encrypted SNI During TLS Negotation?

I don't see this having a lot of impact initially, given that browsers will also need to support this and the spec is draft.

It will definitely be something we have to track going forward.

I can see this being problematic in situations where HTTPS Categorization is done, where SNI is the only way you can figure out what service the end user is truly accessing. 

Vladimir
Pearl

Re: What are the implications of the Encrypted SNI During TLS Negotation?

Well, it did not take long for this to move from theoretical to practical issues:

https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/ 

Firefox now supports encrypted SNI.