QUIC , ECH & TLSv1.3 parallelism
I had some question regarding QUIC / ECH, which could also be browser (firefox) dependent. I will make a thread to not clutter general
4 Replies
I enabled HTTP3, ECH etc. in firefox, and was trying to visit a website behind cloudflare (in this case
https://1337x [dot] to)
My main "research" (just hobby investigation) is around SNI leakage, and I remember back when ESNI was a thing it worked flawlessly
With ECH though, if I'm not mistaken it only works on QUIC
However, when I navigate to the website for the "first time" (via private window), There is both an initial QUIC connection, as well as a TLSv1.3 (over TCP) connection.
As a result, the domain is leaked via SNI in the TLSv1.3 ClientHello. However the end website does support QUIC, so all the actual data transfer / page loading happens over that
My question is - can Cloudflare do anything to "fix" this? Or is it more of a "firefox" thing, and the browser needs to "wait" longer after the QUIC attempt before falling back to TLS/TCP?Actually now that I look at it, seems the QUIC ClientHello can be "decrypted" MiTM which also exposes the SNI
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View