This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2018-07-17 05:14 AM

Impact of upcoming ESNI with TLS 1.3 on App Control and URLF

Just stumbled on this article: Don't panic about domain fronting, an SNI fix is getting hacked out • The Register 

and wanted to get some feedback from Check Point gurus on how this will be addressed.

There are already issues with SNI and SSL inspection, what is being done to address those as well as ESNI?

6 Replies
PhoneBoy
Admin
Admin
‎2018-07-19 10:48 AM

This is something that is on our radar for sure.

As to the specifics, it's probably too soon to say.

0 Kudos
Martin_Seeger
Collaborator
‎2018-10-23 01:18 AM

Google will be enforcing TLS 1.3 with their web sites with Chrome 72. This will impact primarily SSL inspection.

Also CloudFlare announced their support for ESNI. This will impact AppControl and other blades.

My personal impression is that it will become more and more important to push the security envelope towards the clients.

Vladimir
Champion
Champion
‎2018-10-23 07:45 AM

And just to make things more interesting, there is now a DNS over HTTPS RFC 8484:

RFC 8484 - DNS Queries over HTTPS (DoH) 

Marcos_Vieira1
Contributor
‎2020-05-27 07:09 AM
In response to Vladimir

TLS 1.3 still not supported. Any roadmap?

0 Kudos
Chris_Atkinson
Employee
Employee
‎2021-01-21 05:37 AM
In response to Marcos_Vieira1

TLS 1.3 support was introduced in Q4-2020 with the release of R81.

0 Kudos
Nadav_Feigenbla
Employee
Employee
‎2021-01-21 08:04 AM
In response to Marcos_Vieira1

Thanks @Chris_Atkinson .

For more info on TLS1.3 inspection enablement in R81, pls refer to:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...

 

0 Kudos