by tialaramex 2439 days ago
No, it isn't part of TLS 1.3

At the point where the last drafts of TLS 1.3 were shaping up, Eric (Rescorla)'s initial ideas for how to achieve eSNI had failed and the extant draft was only a problem statement. It basically said: here is what eSNI needs to achieve, in our opinion; we don't know how to do that.

Between that point and when TLS 1.3 was published, several people brainstormed a proof of concept for how to actually make it work, which so far led to the draft you've linked.

The eSNI draft is defined as an extension to TLS 1.3 but - since the whole point is to deny snoopers information about who we're talking to - if we have to "fall back" to not doing eSNI because the server isn't compatible then we lost.

Cloudflare and Firefox devs cooperate to implement drafts of eSNI, so if you have a recent Firefox and a site which has opted into Cloudflare's trial of this feature, then it works for you, but the drafts definitely will change further and you should not go building anything based on this draft unless you are able to support updating it to future drafts, or abandoning it altogether, weeks or months from now.
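To make the fallback concern in the comment above concrete, here is an added example (not part of the thread, and not code from Cloudflare, Firefox or any eSNI draft): a small Python builder and parser for a plain TLS ClientHello. It shows exactly what a passive observer on the wire recovers when the client does not (or can no longer) use eSNI: the server_name extension carries the hostname in cleartext. The ClientHello is a minimal constructed sample, not captured traffic, the function names are mine, and no eSNI extension is modelled, since the draft wire format is what the comment says will keep changing.

```python
import struct

# Constructed helpers for network byte order; nothing here is from a real TLS library.
def _u16(n):
    return struct.pack("!H", n)

def _u24(n):
    return struct.pack("!I", n)[1:]

def build_client_hello(server_name=None, random_bytes=b"\x11" * 32):
    """Build a minimal ClientHello record (constructed sample, not captured traffic).

    If server_name is None the server_name extension is omitted entirely, which is
    what an observer would see if a client sent no SNI at all.
    """
    extensions = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        sni_entry = b"\x00" + _u16(len(host)) + host        # name_type 0 = host_name
        sni_list = _u16(len(sni_entry)) + sni_entry
        extensions += _u16(0x0000) + _u16(len(sni_list)) + sni_list
    # supported_versions (0x002b) advertising TLS 1.3, so the hello looks realistic.
    sv = b"\x02\x03\x04"
    extensions += _u16(0x002b) + _u16(len(sv)) + sv
    cipher_suites = b"\x13\x01\x13\x02"  # TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    body = (
        b"\x03\x03" + random_bytes + b"\x00"   # legacy_version, random, empty session_id
        + _u16(len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                          # compression_methods: null only
        + _u16(len(extensions)) + extensions
    )
    handshake = b"\x01" + _u24(len(body)) + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake  # ContentType handshake

def extract_sni(record):
    """Return the cleartext host_name from a ClientHello's server_name extension, or None.

    This is the snooper's view: no keys, no decryption, just parsing the first record.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                   # skip legacy_version and random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len
    cm_len = body[pos]
    pos += 1 + cm_len
    if pos + 2 > len(body):
        return None                                # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if ext_type == 0x0000:                     # server_name
            list_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type = data[p]
                nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
                p += 3
                name = data[p:p + nlen]
                p += nlen
                if name_type == 0:
                    return name.decode("ascii")
    return None

if __name__ == "__main__":
    for sni in ("example.com", None):
        print(repr(sni), "->", extract_sni(build_client_hello(sni)))
```

The parser needs nothing but the first record of the connection, which is the whole problem: any "fall back to plain SNI" path hands the observer the hostname before a single encrypted byte is exchanged, so a client that wants the privacy property cannot treat an eSNI-incapable server as a soft failure.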

2 comments

> Cloudflare and Firefox devs cooperate to implement drafts of eSNI, so if you have a recent Firefox and a site which has opted into Cloudflare's trial of this feature, then it works for you, ...

Well, at least not yet with the latest release version of Firefox (v69). Tested with Cloudflare's own page for testing eSNI browser support (and TLS 1.3, DNSSEC & DoH). Firefox supports the other three but not eSNI, according to that page. Even the Dev channel (v71) has no support.

https://www.cloudflare.com/ssl/encrypted-sni/

It's not enabled by default, and not exposed under browser preferences. It's available in about:config under network.security.esni.enabled.

Awesome, thanks for the details. I remembered FF doing something about it and thought it was already official.