Cloudflare ESNI Checker

Discussion in 'privacy general' started by Overkill, Jan 3, 2019.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    How can I pass this test with Chrome? What adjustments do I make in chrome://flags/?

    I saw this tutorial for FF on a forum...

    https://torrentinvites.org/f31/iptorrents-ipt-news-please-read-507327/#post1230314

     
    Last edited by a moderator: Jan 3, 2019
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    Last edited: Jan 3, 2019
  3. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks, I didn't see that
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    ESNI is in Firefox stable (v64+); you don't need a test/beta version any more.

    But it's correct that only Firefox has this capability, and ESNI itself is still experimental, despite being in a release product.
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    Little curiosity.
    I.E.8 on Windows XP will not send SNI information:



    500.JPG
     
  6. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I'm using the AdGuard desktop app just for one purpose/feature: to "Use Encrypted Client Hello," but...

    It works only for BRAVE :thumb: when I'm using a VPN desktop app with Wireguard.

    Brave encrypted .png

    It does not work with Firefox and VPN with Wireguard (the same settings).
    Even my Firefox TLS 3 is messed up(o_O)


    Firefox encrypted.png

    Encrypted Client does not work with Google Chrome:thumbd:.

    Chrome encrypted.png
    It also does not work with Edge:thumbd: - no matter how hard I try.

    Edge encrypted.png
     
  7. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    This is in Firefox 124.0.1 (with Quad9 DNS).
    With or without VPN doesn't matter:

    Screenshot_20230324.png

    https://support.mozilla.org/en-US/kb/faq-encrypted-client-hello

    It seems the feature is not yet available in Edge.

    In (Ungoogled) Chromium 122 and Chromium Dev 125 it is enabled.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    What functionality is not available in Edge?

    ;)

    1.jpg
     
  9. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    Now tell me exactly how you did that. :)
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    I opened the browser and clicked the mouse on the test link.:)
    Even with Opera Android same result:

    1.jpg
    It seems simple to me.:thumb:;)
     
  11. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    Of course I did that as well.
    But here Secure SNI was red. :(

    So, what do I have to change in Edge to pass the test?
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    FYI - if you're using an AV solution that performs SSL/TLS protocol scanning, it is most likely the source for Secure SNI failure on the Cloudflare test. Eset's SSL/TLS protocol scanning busts it.
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    It does not work with Brave nor Librewolf for me, not even TLS, lol.

    capture_03242024_204512.jpg

    Run Edge with the parameter (EncryptedClientHello).
    Code:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --enable-features="EnableCsrssLockdown,EncryptedClientHello,IsolatePrerenders,IsolateSandboxedIframes,RendererAppContainer,WinSboxDisableExtensionPoint" --disable-webgl --no-pings
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EncryptedClientHelloEnabled" /t REG_DWORD /d "1" /f
    capture_03242024_204010.jpg
     
  14. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    I added the parameter ` --enable-features=EncryptedClientHello` to the shortcut and added the registry entry as well (Edge 123.0.2420.53).
    Still didn't work.:(
    I'm not using any AV solution, not even Defender (Windows 10 in a VM).
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
  16. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    Well, here it obviously isn't.
    I can't find the cause of it. :(

    Fortunately, Edge is only used here for test cases and all my other browsers pass the test. :)
     
  17. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I think you are onto something.
    I have problems with ECH when using Windscribe with Wireguard protocol, but
    the same Firefox has no issues - the Cloudflare test shows YES of ECH, when I'm using a different VPN - HideAway.
     
  18. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Here is my Firefox without any VPN and set through the Mullvad DNS server.
    No ECH.

    Firefox with Mullvad.png

    Here is my Firefox without any VPN with the Cloudflare DNS server.
    Firefox with Cloudflare.png
     
  19. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    And when you test it in a new profile?
     
  20. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Here is how my Brave looks with Windscribe and AdGuard.

    Brave with Windscribe VPN and AdGuard.png
     
  21. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I've checked again my Firefox results with Windscribe.
    Firefox also had the Max Protection with the Mullvad DNS server.
    The same issue.
    I really don't know how accurate that Cloudflare browser test is?

    Firefox with Windscribe VPN.png
     
  22. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Here are my Edge test results with Windscribe and AdGuard.
    Plus, Edge has internal settings set to Secure DNS - Cloudflare.



    Edge with Windscribe and AdGuard.png

    Edge secure DNS settings.png
     
  23. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I have a different parameter in that spot - disable web gl.
     
  24. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    You can also test with the pages @Sampei Nihira linked:
    https://defo.ie/ech-check.php
    https://tls-ech.dev/
    A parameter for EncryptedClientHello is not needed any more, since Edge supports ECH by default now (though not in my case...).
     
  25. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Just now, here is my Edge test with Secure Cloudflare DNS enabled in the settings, without any VPN, and without AdGuard.
    No ECH!
    Edge without VPN& without AdGuard.png



    Here is what's interesting. When I turn AdGuard on, then, I lose TLS 1.3 in that Cloudflare test.
    Edge without VPN but with AdGuard.png

    In short.
    There is so much that I don't know.:confused:
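
Added example, not part of any post in this thread: whether a client sends SNI in the clear, offers ECH, or offers TLS 1.3 can be read from the ClientHello it puts on the wire, which is also why a TLS-scanning product or filtering proxy in the path can change a test result. The parser below reports those three signals for one captured ClientHello record; the sample records, hostnames and helper names (`build_hello`, `sni_ext`) are constructed for illustration.

```python
import struct

EXT_SNI, EXT_VERSIONS, EXT_ECH = 0x0000, 0x002B, 0xFE0D  # TLS extension types

def parse_client_hello(record: bytes) -> dict:
    """Report the SNI, ECH and TLS 1.3 signals carried by one ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record holding a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                                          # legacy_version, random
    pos += 1 + body[pos]                                  # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    result = {"sni": None, "ech": False, "tls13": False}
    if pos >= len(body):              # no extension block, as with very old clients
        return result
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == EXT_SNI:       # list_len(2) name_type(1) name_len(2) name
            name_len = int.from_bytes(data[3:5], "big")
            result["sni"] = data[5:5 + name_len].decode("ascii")
        elif ext_type == EXT_ECH:     # encrypted_client_hello present
            result["ech"] = True
        elif ext_type == EXT_VERSIONS:  # len(1) followed by 2-byte versions
            vers = data[1:1 + data[0]]
            result["tls13"] = b"\x03\x04" in (vers[i:i + 2] for i in range(0, len(vers), 2))
    return result

def build_hello(extensions) -> bytes:
    """Build a minimal, constructed ClientHello record (sample input only)."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(exts)) + exts if extensions else b""
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def sni_ext(host: str) -> bytes:
    entry = b"\x00" + struct.pack("!H", len(host)) + host.encode()
    return struct.pack("!H", len(entry)) + entry

# Constructed samples; hostnames and the 8-byte ECH payload are placeholders.
NO_SNI = build_hello([])                                   # no extensions at all
PLAIN = build_hello([(EXT_SNI, sni_ext("private.example")), (EXT_VERSIONS, b"\x02\x03\x04")])
WITH_ECH = build_hello([(EXT_SNI, sni_ext("public.example")),  # outer name only
                        (EXT_VERSIONS, b"\x02\x03\x04"), (EXT_ECH, bytes(8))])
```

With ECH the outer ClientHello still carries a `server_name`, but it is the provider's public name; the real hostname travels inside the encrypted extension.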
     