Vladimir
Champion

Impact of upcoming ESNI with TLS 1.3 on App Control and URLF

Just stumbled on this article: Don't panic about domain fronting, an SNI fix is getting hacked out • The Register 

and wanted to get some feedback from Check Point gurus on how this will be addressed.

There are already issues with SNI and SSL inspection, what is being done to address those as well as ESNI?

6 Replies
PhoneBoy
Admin

This is something that is on our radar for sure.

As to the specifics, it's probably too soon to say.

0 Kudos
Martin_Seeger
Collaborator

Google will be enforcing TLS 1.3 with their web sites with Chrome 72. This will impact primarily SSL inspection.

Also CloudFlare announced their support for ESNI. This will impact AppControl and other blades.

My personal impression is that it will become more and more important to push the security envelope towards the clients.

Vladimir
Champion

And just to make things more interesting, there is now a DNS over HTTPS RFC 8484:

RFC 8484 - DNS Queries over HTTPS (DoH) 

Marcos_Vieira1
Contributor

TLS 1.3 still not supported. Any roadmap?

0 Kudos
Chris_Atkinson
Employee

TLS 1.3 support was introduced in Q4-2020 with the release of R81.

0 Kudos
Nadav_Feigenbla
Employee

Thanks @Chris_Atkinson.

For more info on TLS 1.3 inspection enablement in R81, please refer to:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...

 

0 Kudos