| ▲ | ronsor 3 hours ago |
| TLS 1.3, including the ECH extension, does not permit downgrading, unless your implementation is broken. Trying to downgrade or strip extensions from any TLS 1.3 connection will simply break the connection. |
|
| ▲ | hypeatei 3 hours ago | parent [-] |
| In the wild, that's not true at all[0][1]. The corporate firewall at my employer actually wasn't able to block ECH until they updated it then it was able to block sites as usual. 0: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Ho... 1: https://docs.broadcom.com/doc/symantec-ech-whitepaper (see page 8) |
| |
| ▲ | dilyevsky 2 hours ago | parent | next [-] | | I ready the FortiGate link and this is the gist: The DNS filter setting on the FortiGate analyzes the DoH traffic and strips out the ECH parameters sent by the DNS server in the DoH response. If the client does not receive those parameters, it cannot encrypt the inner SNI, so it will send it in clear text.
So basically they mess with DoH ECH config and trigger fallback behavior in the clients. I don't think any browsers do this yet but I think this loophole is not gonna last. | |
| ▲ | dilyevsky 2 hours ago | parent | prev [-] | | This is literally impossible. What your corp fw likely does is mitm outer SNI because your IT department installed your company CA in every client's trust store. So unless you do that at national level your only other option is to block ECH entirely. Edit: actually totally possible but you need build quantum computer with sufficient cubits first =) |
|
