You know you think DNS over TLS or DNS over HTTPS is great and you no longer send the domains you visit over cleartext on the internet...
Wrong, prior to TLS 1.3 your browser would request the domain in cleartext as part of the TLS negotiation in a process called Server Name Indication (SNI).
Only with TLS 1.3 did we finally get a Encrypted Client Hello (ECH).
SniProxy
SniProxy based on dnsmasq and nginx It works like shecan.ir in Iran. SniProxy How to Run ?! Install docker and docker-compose Run with docker-compose up -d Change docker-compose.yml based on your preferences ! I try to update the dnsmasq/proxy.conf file based on the internet status of Iran It could be resource intensive task to serve this dns service to many people so bring a powerhouse I tested on a 2gigs 2 cpus vps and It is OK for me, my family, and friends Also dnsmasq […]SNI là gì? Khái niệm và vai trò quan trọng trong bảo mật web
SNI là gì? Khái niệm và vai trò quan trọng trong bảo mật web #SNI #SSL #TLS #BảoMậtWeb #HTTPS #Internet Giới thiệu chung về SNI Server Name Indication (SNI) là một phần mở rộng quan trọng của giao thức TLS/SSL, được sử dụng để chỉ định tên máy chủ mà client (ví dụ: trình duyệt web) muốn kết nối đến trong quá trình thiết lập handshake TLS.
https://bietduoc.io.vn/2025/05/31/sni-la-gi-khai-niem-va-vai-tro-quan-trong-trong-bao-mat-web/
FWIW: der #SNI Tunnel scheint auf der #Embraer Flotte (#WiFi by #IntelSat) nicht mehr zu funktionieren.
Ich habe nur noch nicht herausgefunden ob sie jetzt explizit IP Adressen allowlisten oder ASNs.
https://social.zischundweg.cloud/@wifi_freak/114524050993649494
🕸glané sur le net🕸 Marcelle Berthaud (dite Alouette) 1918-2013: Institutrice, militante du SNI tendance École Émancipée) ; membre des Faucons rouges d'octobre 1934 jusqu'à la guerre, secrétaire administrative de la SFIO du Rhône de 1944 à… #MarcelleBerthaud #Alouette #Education #Militantisme #SNI
Marcelle Berthaud (dite Alouet...
#Taller Introductorio #PCR para Profesionales de la Salud 2025
Impartido por la Dra. #KarinaAcevedoWhitehouse, investigadora de la @UAQmx y #SNI III
Как отключить ECH для вашего домена на Cloudflare
Как вы знаете, Роскомнадзор (РКН) заблокировал технологию Encrypted Client Hello (ECH), а Cloudflare неожиданно принудительно включил её для всех пользователей. Это вызвало серьезные проблемы для тех, кто использует Cloudflare, особенно для пользователей из России. Решим эту проблему! Если вам нужно отключить Encrypted Client Hello (ECH) для вашего домена на Cloudflare, выполните следующие шаги. Этот процесс включает проверку текущего статуса ECH, а затем его отключение через API Cloudflare.
https://habr.com/ru/articles/856602/
#TLS #SNI #ECH #РКН #роскомнадзор #cdn #cloudflare #блокировка_сайтов
РКН заблокировал ECH [SNI]: пользователи Cloudflare под ударом, что дальше?
Cloudflare неожиданно включил всем своим пользователям шифрование заголовка SNI (Server Name Indication). Это значит, что теперь невозможно узнать, к какому сайту происходит подключение через HTTPS. В результате многие сайты, заблокированные в России, стали снова доступны, если они используют Cloudflare. Но не все так просто: шифрование SNI — это всего лишь один из способов маскировки данных, и его не делает подключение полностью невидимым. Роскомнадзор быстро среагировал и заблокировал эту технологию. Подобные меры уже давно применяются в таких странах, как Иран и Китай, где доступ к интернету сильно ограничен.
https://habr.com/ru/articles/856340/
#tls #sni #ркн #роскомнадзор #cloudflare #cdn #блокировка_сайтов
#xcb #development thoughts:
One of the features I'd like to add to #Xmoji is a "system #tray icon". I know these aren't "en vogue" any more, but I like the concept a lot for an application you'll typically leave running and only use from time to time, which is likely a usage pattern for an "#emoji #keyboard".
So, I found a spec based on #XEMBED, X selections and client messages (therefore, pure X inter-client communication), I think I can implement that! 👍
https://specifications.freedesktop.org/systemtray-spec/0.2/
Digging deeper, I found there's a successor called #SNI and the spec above is considered "legacy" (after only 20 years, hehe) 🤨. SNI is based on #dbus. Oh damn ... it's not that I particularly hate dbus, it probably makes a lot of sense for complex desktop environments, but I really want to keep #Xmoji "plain #X11". I'll just use the old spec. At least I found #KDE seems to have a compatibility service: xembed-sni-proxy. No idea about Gnome. But then, screw it.
Web development term of the week:
→ Server Name Indication (SNI)
Desync - 维基教科书,自由的教学读本
https://zh.wikibooks.org/wiki/Desync
自从反诈以来,中国互联网上有越来越多的网友分享自己刚打开某个网站,正准备网上冲浪的时候,突然来了“您正在浏览境外小众网站,请谨慎浏览”或者是“xx网警提醒您,您访问的网站xxx存在用户举报”之类的短信,甚至有的是直接跳脸的闪信,还有的直接就是反诈民警直接电话呼过来,甚至还边响铃边带着这是反诈中心电话,请放心接听之类的闪信,给了不少网友一点小小的反诈震撼,被诈骗之余,网友们可能会好奇他们是怎么知道你在访问什么网站的?诸位网友稍安勿燥,接下来我们将揭开反诈的骗…啊不对,是DNS的面纱,并且帮助大家学习如何保护自己的隐私。
我的网站访问记录是怎么泄露的之用 MosDNS 防止 DNS 泄露并实现分流
https://blog.0ne.day/i/mosdns-dns-c-0KfHuTo35/
You've got to be kidding me #Mozilla
Why does #Firefox need #HTTP2 for #EncryptedClientHello? Where in the goddamn spec does it say that #ECH needs HTTP/2?! First #DNSoverHTTPS or #DoH is required, and now HTTP/2? Really?
Why can't you just let me disable HTTP/2 in peace and use HTTP/1.1 as all web servers should be using. Why does it have to be a choice on whether I can get additional #privacy based on whether I'm using an arbitrary and useless update to the #HTTP protocol. It's just fucking full of politics. First you require TLS if one wants to use HTTP/2, and now HTTP/2 is required if one wants to encrypt their #SNI and the whole #ClientHello. No technical fucking reason at all other than to force people in their crusade against plain text and their obsession with chopping down latency (which didn't work btw which is why they're now pushing #HTTP3 which is just not HTTP anymore with its #UDP bullshit)
This is what happens when you let politician-wannabes dictate your development
💬 "Encrypted Client Hello, a new proposed standard that prevents networks from snooping on which websites a user is visiting, is now available on all Cloudflare plans."
❓ How does the internet like this?
Links for further reading:
The CloudFlare blog: Encrypted Client Hello - the last puzzle piece to privacy
https://blog.cloudflare.com/announcing-encrypted-client-hello/
gHacks: The End of DNS-based Site Blocking is near
https://www.ghacks.net/2023/10/07/the-end-of-dns-based-site-blocking-is-near/
#Cloudflare #ECH #EncryptedClientHello #ServerNameIndication #SNI #ESNI #Security #TLS
📬 Encrypted Client Hello: Das Ende der Sperrung von Piratenseiten?
#Datenschutz #Internet #AntiPiraterie #Cloudflare #DNSBlockaden #ECH #EncryptedClientHello #ServerNameIndication #SNI https://tarnkappe.info/artikel/internet/encrypted-client-hello-das-ende-der-sperrung-von-piratenseiten-281202.html
"Say (an encrypted) hello to a more private internet."
https://blog.mozilla.org/en/products/firefox/encrypted-hello/
"ECH uses a public key fetched over the Domain Name System (DNS) to encrypt the first message between a browser and a website, protecting the name of the visited website from prying eyes and dramatically improving user privacy."
стоит ли такую отдельную хрень на go использовать?
github.com #прокси #https #SNI #обратный
#dnsperf v2.13.0 released!
Added new option `-O tls-sni=...` to set TLS SNI
@dnsoarc #DNS #TLS #SNI #DOT #DOH #Performance #Testing #OpenSource
https://github.com/DNS-OARC/dnsperf/releases/tag/v2.13.0
