eldridgea | 1 year ago

The biggest difference I'm aware of is TLS 1.3 encrypts the initial handshake[0] in a way to prevent eavesdropping on the hostname of the destination. Prior to that, you could get the hostname via network monitoring if you wanted. Encrypting the TLS handshake didn't make sense to prioritize though as DNS requests were sent in the clear.

However with DNS increasingly being encrypted with DoH and DoT, the TLS handshake was one of the only places you could eavesdrop on the destination hostname, until it was removed in 1.3.

Of course network monitoring will still give you the destination IP, but those are increasingly overwhelmingly destined for a major cloud or CDN provider which doesn't provide much context about the actual destination.

If you'll forgive the shameless self-promo, I covered a decent amount of this in my Blackhat talk about encrypted DNS a few years back: https://www.youtube.com/watch?v=XCnE2o2pfxs

0: https://blog.cloudflare.com/encrypted-client-hello/

dochtman | 1 year ago

I’m confused — with TLS 1.3 Server Name Indication is still usually sent in the clear, unless you’re also using Encrypted ClientHello, right?

gsich | 1 year ago

Correct. Not sure if ECH is still in draft state.
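To make the point of the two replies above concrete (SNI is still cleartext in a TLS 1.3 ClientHello unless ECH is in use), here is an added example, not from any commenter, that builds a constructed ClientHello record and parses the server_name extension out of it the way a passive network monitor would; the hostname, random bytes and cipher suite are sample values.

```python
"""Extract the cleartext SNI hostname from a TLS ClientHello (TLS 1.2 or 1.3)."""
import struct

def build_client_hello(hostname: str) -> bytes:
    """Constructed sample: a minimal ClientHello record carrying an SNI extension."""
    host = hostname.encode()
    # server_name extension (type 0): list length, name_type=0 (host_name), name length, name
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_ext = struct.pack("!HH", 0, len(sni_entry) + 2) + struct.pack("!H", len(sni_entry)) + sni_entry
    # supported_versions extension (type 43) advertising TLS 1.3, as a 1.3 client would
    sv_ext = struct.pack("!HH", 43, 3) + b"\x02\x03\x04"
    exts = sni_ext + sv_ext
    body = (b"\x03\x03"                                  # legacy_version = TLS 1.2
            + b"\x11" * 32                               # client random (constructed)
            + b"\x00"                                    # empty legacy session id
            + struct.pack("!H", 2) + b"\x13\x01"         # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                # compression methods: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big")  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake) + len(body)) + handshake + body

def extract_sni(record: bytes):
    """Return the SNI hostname from a ClientHello record, or None if absent."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                                      # not a handshake/ClientHello record
    p = 9 + 2 + 32                                       # record+handshake headers, version, random
    p += 1 + record[p]                                   # legacy session id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]     # cipher suites
    p += 1 + record[p]                                   # compression methods
    if p + 2 > len(record):
        return None                                      # no extensions block at all
    ext_end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    while p + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        data = record[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype == 0 and len(data) >= 5:                # server_name extension
            q = 2                                        # skip server_name_list length
            while q + 3 <= len(data):
                ntype, nlen = data[q], struct.unpack("!H", data[q + 1:q + 3])[0]
                if ntype == 0:                           # host_name entry
                    return data[q + 3:q + 3 + nlen].decode("ascii", "replace")
                q += 3 + nlen
    return None

if __name__ == "__main__":
    print(extract_sni(build_client_hello("example.com")))  # prints example.com
```

With ECH the same parser only sees the outer ClientHello, whose server_name carries the client-facing server's public name rather than the real destination, which is exactly what the encrypted inner hello is meant to hide from this kind of monitoring.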

tptacek | 1 year ago

I don't think this is the big issue banks have with TLS 1.3. Nick Lamb's sibling comment is, I think, the crux of this issue.