logoalt Hacker News

Benderyesterday at 9:40 PM1 replyview on HN

The goal is to solve that with ECH which requires the person is using DoH. That can be verified here [1]

[1] - https://tls-ech.dev/


Replies

ck2yesterday at 9:48 PM

ah forgot about ECH

* https://blog.cloudflare.com/encrypted-client-hello/

what's weird is my ancient version of chrome passes ECH

but my Firefox ESR does not have ECH and I cannot figure out how to turn it on in about:config, googling fails me

wait! found it, 3rd times the charm

         network.dns.echconfig.enabled
set to TRUE = ECH enabled, passes test

* https://www.cloudflare.com/ssl/encrypted-sni/