Open Bug 1590642 Opened 2 months ago Updated 2 months ago

ESNI and https proxy does not work correctly

Categories

(Core :: Networking: HTTP, defect, P2)

Tracking

ASSIGNED

People

(Reporter: dragana, Assigned: dragana)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

We should use ESNI for the tunneled connection, but we do not.

Isn't it happening only for 'be conservative' marked requests?

(In reply to Honza Bambas (:mayhemer) from comment #1)

> Isn't it happening only for 'be conservative' marked requests?

It is a different issue. We use ESNI for the connection to the proxy but not to the end host. We need to fetch the ESNI record for the proxy and for the end host and add the second one to the TLS connection inside the tunnel.

Blocks: esni

Aha, thanks. It was not clear from either the title or comment 0.

Thinking about this, this will get a bit complex. Without a proxy, the ESNI query and the IP address query are 2 separate queries, but the server behind the IP address should have the keys received by the ESNI query. This sometimes gets challenging to achieve. Now, with a proxy, one query (IP address) is made by the proxy and the other by the browser. The 2 queries may hit very different DNS servers. Maybe we will need to proxy the TRR connection as well.
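
A simplified model of the two points raised in the comments above: the handshake inside the tunnel needs the end host's ESNI record, and the key lookup and the address lookup can be answered by different resolvers. This is an added example, not Firefox code and not part of the bug thread; all hostnames, addresses and key labels are constructed, and key matching is reduced to comparing labels.

```python
# Added illustration; all hostnames, addresses and key labels are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class DnsView:
    """What one resolver answers: address records and ESNI key records."""
    addresses: dict   # host -> IP of the front end this resolver points to
    esni_keys: dict   # host -> label of the ESNI public key it publishes

# Which ESNI private key each front-end server actually holds (constructed).
SERVER_KEYS = {"192.0.2.10": "key-A", "198.51.100.20": "key-B",
               "203.0.113.5": "key-P"}

def plan_handshakes(origin, proxy=None):
    """List the TLS handshakes a request needs and the host whose ESNI
    record each one must carry."""
    if proxy is None:
        return [("direct", origin)]
    # The outer handshake protects the proxy's name; the inner one, run
    # inside the tunnel, must carry the end host's ESNI record.
    return [("to-proxy", proxy), ("inside-tunnel", origin)]

def handshake_ok(host, key_view, address_view):
    """True when the server reached via address_view holds the key that
    key_view published for host."""
    key = key_view.esni_keys.get(host)
    ip = address_view.addresses.get(host)
    return key is not None and SERVER_KEYS.get(ip) == key

def check_request(origin, browser_view, proxy_view=None, proxy=None):
    """Evaluate every handshake. The browser always fetches the ESNI keys,
    but with a proxy the end host's address is resolved by the proxy."""
    results = {}
    for layer, host in plan_handshakes(origin, proxy):
        address_view = proxy_view if layer == "inside-tunnel" else browser_view
        results[layer] = handshake_ok(host, browser_view, address_view)
    return results

# Browser's resolver: knows both hosts and their ESNI keys.
BROWSER = DnsView({"origin.example": "192.0.2.10", "proxy.example": "203.0.113.5"},
                  {"origin.example": "key-A", "proxy.example": "key-P"})
# Proxy's resolver agreeing with the browser's, and one that points elsewhere.
PROXY_SAME = DnsView({"origin.example": "192.0.2.10"}, {})
PROXY_SPLIT = DnsView({"origin.example": "198.51.100.20"}, {})
```

With `PROXY_SPLIT` the outer handshake to the proxy still succeeds, while the handshake inside the tunnel fails because the front end the proxy reaches holds a different key than the one the browser fetched.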
