#encryptedclienthello — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #encryptedclienthello, aggregated by home.social.
-
Cloudflare Asks Court to End LaLiga’s “Illegal” Blocking Response to Encrypted Client Hello
#encryptedclienthello #dynamicinjunction #SiteBlocking #Anti-Piracy #Cloudflare #LaLiga #iptv #ECH
-
Roskomnadzor has begun blocking sites that use Cloudflare's ECH (Encrypted Client Hello) encryption.
Cloudflare recently rolled out ECH for all sites on its servers, which is 24 million pages.
Active ECH encryption violates Russian law, because it makes it possible to bypass restrictions on access to information banned in Russia.
Users in Russia have already begun complaining that thousands of sites using ECH are unavailable.
Roskomnadzor advises site owners to stop using the CloudFlare CDN service and switch to domestic CDN services.
src:
https://portal.noc.gov.ru/ru/news/2024/11/07/%D1%80%D0%B5%D0%BA%D0%BE%D0%BC%D0%B5%D0%BD%D0%B4%D1%83%D0%B5%D0%BC-%D0%BE%D1%82%D0%BA%D0%B0%D0%B7%D0%B0%D1%82%D1%8C%D1%81%D1%8F-%D0%BE%D1%82-cdn-%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%B0-cloudflare/
https://habr.com/ru/news/856722/
#ркн #Роскомнадзор #ркн_заебал #cloudflare #ech #encryptedclienthello #rf #рф
-
For people asking why Encrypted Client Hello is so important:
Even if you are using DOH (or ODoH), your ISP can see what websites you're visiting (and then sell to NSA) by inspecting the certificate SNI field. Even with Encrypted SNI (ESNI), there are artifacts of the TLS session establishment leaked that can be used for TLS Fingerprinting - things like ALPN, and cipher suite.
-
The first fully merged, audited and shipped bit of code from our https://defo.ie project is Hybrid Public Key Encryption (#HKPE RFC9180), which was shipped by #OpenSSL https://openssl.org/blog/blog/2023/10/18/ossl-hpke/ It's core to #EncryptedClientHello #ECH and #MessagingLayerSecurity #MLS
-
You've got to be kidding me #Mozilla
Why does #Firefox need #HTTP2 for #EncryptedClientHello? Where in the goddamn spec does it say that #ECH needs HTTP/2?! First #DNSoverHTTPS or #DoH is required, and now HTTP/2? Really?
Why can't you just let me disable HTTP/2 in peace and use HTTP/1.1 as all web servers should be using. Why does it have to be a choice on whether I can get additional #privacy based on whether I'm using an arbitrary and useless update to the #HTTP protocol. It's just fucking full of politics. First you require TLS if one wants to use HTTP/2, and now HTTP/2 is required if one wants to encrypt their #SNI and the whole #ClientHello. No technical fucking reason at all other than to force people in their crusade against plain text and their obsession with chopping down latency (which didn't work btw which is why they're now pushing #HTTP3 which is just not HTTP anymore with its #UDP bullshit)
This is what happens when you let politician-wannabes dictate your development
-
#Firefox requiring the use of its own #DNSoverHTTPS or #DoH resolver in order to use #EncryptedClientHello or #ECH is stupid; there's nowhere AFAICS in the draft spec where ECH needs DoH to function. Why has this landed in stable? Why can't they just use the OS resolver for the ECH? The fuck #Mozilla? :parsee_angy:
-
TLS ECH (ESNI) detection code runs in production 3 years after first inclusion.
Writing those tests for packet captures from custom compiled curl wasn't futile after all.
-
Google Chrome v117 turned on TLS Encrypted ClientHello by default (on 27 Sep?) This will impact the effectiveness and accuracy of outbound traffic filtering* - for those who've implemented it (regardless of vendor.) We've written a short blog post on disabling it with PowerShell, Windows Registry and Google Chrome UI for those who may need to roll this out ASAP and regain visibility. (Disclosure: we are a vendor of an outbound filtering solution and this has impacted our customers already.)
*for many websites, the domain name visibility during an HTTPS handshake will no longer be available to firewalls/proxies (unless they were terminating.)
https://chasersystems.com/blog/disabling-encrypted-clienthello-in-google-chrome-and-why/
-
💬 "Encrypted Client Hello, a new proposed standard that prevents networks from snooping on which websites a user is visiting, is now available on all Cloudflare plans."
❓ How does the internet like this?
Links for further reading:
The CloudFlare blog: Encrypted Client Hello - the last puzzle piece to privacy
https://blog.cloudflare.com/announcing-encrypted-client-hello/
gHacks: The End of DNS-based Site Blocking is near
https://www.ghacks.net/2023/10/07/the-end-of-dns-based-site-blocking-is-near/
#Cloudflare #ECH #EncryptedClientHello #ServerNameIndication #SNI #ESNI #Security #TLS
-
📬 Encrypted Client Hello: The End of Pirate Site Blocking?
#Datenschutz #Internet #AntiPiraterie #Cloudflare #DNSBlockaden #ECH #EncryptedClientHello #ServerNameIndication #SNI https://tarnkappe.info/artikel/internet/encrypted-client-hello-das-ende-der-sperrung-von-piratenseiten-281202.html
-
Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking
https://torrentfreak.com/encrypted-client-hello-ech-effectively-defeats-pirate-site-blocking-231006/
#encryptedclienthello #siteblocking #Cloudflare #Piracy #esni #ECH
-
https://torrentfreak.com/encrypted-client-hello-ech-effectively-defeats-pirate-site-blocking-231006/
CloudFlare has enabled Encrypted Client Hello (ECH) for all free plans. The new privacy feature makes it impossible for Internet providers to track which websites subscribers visit. As a result, it also renders pirate site-blocking efforts useless, if both the site and the visitor have ECH enabled.
#Cloudflare #EncryptedClientHello #ECH #Privacy #Encryption #Piracy #SiteBlocking
-
In short, Mozilla has enabled #EncryptedClientHello in #Firefox 118, but only if it is configured to use #DNSoverHTTPS.
It's in Chrome too, presumably with the same conditions to benefit from it (that would seem logical)