top | item 45497083


optimalquiet | 4 months ago

Not quite. In order to make TLS certs work on a per-site basis, requests sent over HTTPS also include a virtual host indicator in cleartext that shows the hostname of the site you’re trying to connect to, so if the IP on the other end is hosting multiple domains it can find the right cert. For this reason some people feel that DNS over TLS is pretty pointless as a privacy measure.


ahlCVA | 4 months ago

SNI leakage is what encrypted client hello (ECH) tries to solve: https://blog.cloudflare.com/announcing-encrypted-client-hell...

It's still not perfect since you're still leaking information about the privacy set implied by the outer ClientHello, but this possibly isn't much worse than the destination IP address you're leaking anyway.

MrOwen | 4 months ago

I think this is only true if SNI is disabled. Otherwise you really only get the IP of SRC and DEST.

appointment | 4 months ago

SNI relies on the client specifying the host name in the unencrypted ClientHello message that initiates a TLS handshake. Encrypted Client Hello involves extra configuration that most websites don't implement.
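Added example (not from any commenter in this thread): the cleartext SNI that the first comment and the last one describe, shown concretely. The script builds a constructed, minimal TLS ClientHello record with a `server_name` extension (RFC 6066 layout, one cipher suite, zeroed random, no real handshake), then parses it the way a passive network sensor would to log the requested hostname. `build_client_hello` and `extract_sni` are names chosen here, not any library's API.

```python
import struct
from typing import Optional

# TLS constants (RFC 8446 record/handshake types, RFC 6066 server_name extension)
TLS_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
SNI_HOST_NAME = 0x00


def build_client_hello(hostname: Optional[str]) -> bytes:
    """Build a constructed, minimal TLS record carrying a ClientHello.

    Sample input for the parser below, not a full handshake implementation:
    one cipher suite, no compression, and (optionally) a server_name
    extension carrying `hostname` in cleartext.
    """
    extensions = b""
    if hostname is not None:
        name = hostname.encode("idna")
        # ServerNameList with one entry of NameType host_name
        entry = struct.pack("!BH", SNI_HOST_NAME, len(name)) + name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list

    body = (
        b"\x03\x03"              # legacy_version: TLS 1.2
        + bytes(32)              # random (zeros; constructed sample)
        + b"\x00"                # legacy_session_id: empty
        + b"\x00\x02\x13\x01"    # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"            # legacy_compression_methods: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0303, len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's server_name extension, or None.

    Walks the record and handshake headers, skips the fixed and variable-length
    fields, then iterates over the extensions. Raises ValueError on truncated
    input instead of returning garbage; returns None for non-ClientHello
    records or a ClientHello without SNI.
    """
    def need(n: int, off: int) -> None:
        if off + n > len(record):
            raise ValueError("truncated ClientHello")

    need(5, 0)
    ctype, _version, _rlen = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HANDSHAKE:
        return None
    off = 5
    need(4, off)
    if record[off] != HANDSHAKE_CLIENT_HELLO:
        return None
    off += 4                                   # handshake type + 3-byte length
    off += 2 + 32                              # legacy_version + random
    need(1, off)
    off += 1 + record[off]                     # session id
    need(2, off)
    off += 2 + struct.unpack("!H", record[off:off + 2])[0]   # cipher suites
    need(1, off)
    off += 1 + record[off]                     # compression methods
    if off == len(record):
        return None                            # no extensions block at all
    need(2, off)
    ext_len = struct.unpack("!H", record[off:off + 2])[0]
    off += 2
    need(ext_len, off)
    end = off + ext_len
    while off + 4 <= end:
        ext_type, elen = struct.unpack("!HH", record[off:off + 4])
        off += 4
        if ext_type == EXT_SERVER_NAME:
            data = record[off:off + elen]
            pos = 2                            # skip ServerNameList length
            while pos + 3 <= len(data):
                ntype, nlen = struct.unpack("!BH", data[pos:pos + 3])
                pos += 3
                if ntype == SNI_HOST_NAME:
                    return data[pos:pos + nlen].decode("idna")
                pos += nlen
        off += elen
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print("ClientHello on the wire:", hello.hex())
    print("hostname visible without any key:", extract_sni(hello))
```

No decryption happens anywhere in `extract_sni`: the hostname is read straight out of the handshake bytes, which is why DNS encryption alone does not hide the site from an on-path observer, and why a sensor can log it for inventory or policy purposes. With ECH the extension parsed here carries only the client-facing server's public name, and the real hostname sits in the encrypted inner ClientHello that this parser never sees.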