planet.mozilla.org

Encrypted Client Hello: the future of ESNI in Firefox

Background

Two years ago, we announced experimental support for the privacy-protecting Encrypted Server Name Indication (ESNI) extension in Firefox Nightly. The Server Name Indication (SNI) TLS extension enables server and certificate selection by transmitting a cleartext copy of the server hostname in the TLS Client Hello message. This represents a privacy leak similar to that of DNS, and just as DNS-over-HTTPS prevents DNS queries...

NSA releases obsolete TLS elimination guidance

On January 5, the National Security Agency released a cybersecurity product detailing how to detect and fix out-of-date encryption protocol implementations. Networks and systems that use deprecated forms of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) for traffic sessions are at risk of sensitive data exposure and decryption. The Cybersecurity Information Sheet, “Eliminating Obsolete Transport Layer Security (TLS)...