[squid-users] Is this the next step of SSL encryption? Fwd: Encrypted SNI

Amish anon.amish at gmail.com
Fri Oct 19 08:01:42 UTC 2018


Today Cloudflare added more information that Firefox has already added 
the support for ESNI in Nightly.

https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/

Looks like ssl_bump is going to break once ESNI and Encrypted DNS are 
universal. (Ofcourse it may be few years away)

Probably only way out to detect the domain name would be by implementing 
CONNECT proxy instead of transparent one.

I am happy with complete encryption all over but its going to be more 
and more difficult to convince bosses!! :D

Regards,

Amish.

On 19/10/18 11:26 AM, Eliezer Croitoru wrote:
> I have seen this post and I was wondering, is this the next step of 
> SSL encryption?
>
> Eliezer
>
> -------- Original Message --------
> Subject: Fwd: Encrypted SNI
> Date: 2018-10-03 20:40
> From: Владислав Толмачев <tolmachev.vlad at gmail.com>
> To: nginx at nginx.org
> Reply-To: nginx at nginx.org
>
> When nginx will emplemented Encrypted SNI support?
> Cloudflare already do this,
> https://www.cloudflare.com/ssl/encrypted-sni/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



More information about the squid-users mailing list