0 points
brewmarche
4y ago
SNI leaks the host name over HTTPS. Also, if the IP addresses are distinct enough they could be used to detect the destination as well.
4 comments · 1 top-level
dtech
4y ago
Note that this isn't the case any more with a modern browser + server; TLS 1.3 Encrypted Client Hello (ECH) fixes this.
caskstrength
4y ago
Last time I checked, the TLS Encrypted Client Hello standard was still under heavy development and the implementation in Firefox was disabled by default. Is this not the case anymore?
dtech
4y ago
My mistake, it seems to still be a draft standard.
silon42
4y ago
IMO, it's a bad design... SNI encryption should be done by the firewall, not the client.