12
edits
Security/Encrypted Client Hello: Difference between revisions
Security/Encrypted Client Hello (view source)
Revision as of 09:15, 30 September 2025
, 30 September 2025Add some text for when the HOSTs file overrides DNS
(Update ECH page to reflect latest changes in Firefox 129) |
(Add some text for when the HOSTs file overrides DNS) |
||
| Line 153: | Line 153: | ||
Support is also available in Firefox and Chromium. Webkit / Safari have [https://github.com/WebKit/standards-positions/issues/46 indicated] support for ECH, but have not implemented it. Caddy has yet to make a [https://github.com/caddyserver/caddy/issues/4221 decision]. | Support is also available in Firefox and Chromium. Webkit / Safari have [https://github.com/WebKit/standards-positions/issues/46 indicated] support for ECH, but have not implemented it. Caddy has yet to make a [https://github.com/caddyserver/caddy/issues/4221 decision]. | ||
==== Situations where ECH is unavailable ==== | |||
If Firefox resolves a domain name via the machine's HOSTs file, then it won't perform the necessary DNS lookups to fetch ECHConfigs meaning that ECH won't be used. This is because the HOSTs file needs to override normal means of resolving a name and trying to supplement this information with DNS results might lead to unwanted or unexpected behavior for users (e.g. if the HOSTs file is directing the machine to localhost, a sinkhole, or an intranet site). In particular, a machine's name is typically added to the HOSTs file automatically, so setting a machine name of example.org will override DNS results to return localhost for example.org. | |||