
Vivek Siva

TLS and SNI snooping

In theory, every site you visit over HTTPS can be watched by your ISP, or by anyone else on the network path, if the connection uses TLS 1.2, or TLS 1.3 without an encrypted SNI: the hostname itself travels in the clear, even though the page content is encrypted ... 🤗

Enter
1) TLS 1.3 with encrypted SNI (the ESNI draft, since superseded by Encrypted Client Hello, ECH) to your rescue; the observer is then left with only the server's IP address
2) tor, which hides the destination from your ISP altogether
3) custom DNS (cloudflare 1.1.1.1), which only helps if the queries travel over DNS-over-HTTPS or DNS-over-TLS; plain DNS to 1.1.1.1 is just as readable to the ISP as SNI, and encrypted SNI itself depends on a key published in DNS, so that lookup must be encrypted as well

Details :

“The client adds the SNI extension containing the hostname of the site it’s connecting to, to the ClientHello message. It sends the ClientHello to the server during the TLS handshake. Unfortunately the ClientHello message is sent unencrypted, due to the fact that client and server don’t share an encryption key at that point.

[Figure: TLS 1.3 with Unencrypted SNI]

This means that an on-path observer (say, an ISP, coffee shop owner, or a firewall) can intercept the plaintext ClientHello message, and determine which website the client is trying to connect to. That allows the observer to track which sites a user is visiting.”

#Security #cyberdefense #cyberawareness #attacks #webapplicationsecurity #firewall #networksecurity #network #DNS #dnssecurity
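To make the quoted point concrete, here is an added example (my own code, not from this post or from the Cloudflare article) that plays the on-path observer. It uses Python's `ssl` module with memory BIOs to produce the exact ClientHello a client would put on the wire for a hostname, without opening any socket, and then parses the SNI host_name straight out of the unencrypted bytes, the same way a passive sniffer at the ISP would. The hostname `example.com` is just a sample input; no network traffic is generated.

```python
import ssl
import struct

SNI_EXTENSION_TYPE = 0x0000  # server_name extension (RFC 6066)
HOST_NAME_TYPE = 0x00        # the only NameType defined: host_name


def build_client_hello(hostname: str) -> bytes:
    """Return the raw TLS ClientHello record a client would send for `hostname`.

    Memory BIOs stand in for the socket: do_handshake() writes the ClientHello
    into `outgoing` and then raises SSLWantReadError because no ServerHello
    has arrived. Nothing leaves the process.
    """
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the server's reply
    return outgoing.read()


def extract_sni(data: bytes):
    """Parse a raw TLS record and return the SNI host_name, or None.

    Everything up to the server's first encrypted message is plaintext, so an
    observer only needs to walk the ClientHello layout to read the hostname.
    """
    # TLS record header: content type (1), version (2), length (2)
    if len(data) < 5 or data[0] != 0x16:  # 0x16 = handshake record
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len]
    # Handshake header: msg type (1), length (3)
    if len(body) < 4 or body[0] != 0x01:  # 0x01 = ClientHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < hs_len:
        return None  # ClientHello split across records; not handled here
    pos = 2 + 32                                  # legacy_version + random
    pos += 1 + hello[pos]                          # session_id
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + hello[pos]                          # compression_methods
    if pos + 2 > len(hello):
        return None  # no extensions block at all
    ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        ext = hello[pos:pos + ext_len]
        pos += ext_len
        if ext_type != SNI_EXTENSION_TYPE:
            continue
        list_len = struct.unpack("!H", ext[0:2])[0]
        q = 2
        while q + 3 <= 2 + list_len:
            name_type = ext[q]
            name_len = struct.unpack("!H", ext[q + 1:q + 3])[0]
            name = ext[q + 3:q + 3 + name_len]
            if name_type == HOST_NAME_TYPE:
                return name.decode("ascii")
            q += 3 + name_len
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print(f"ClientHello is {len(hello)} bytes; SNI seen on the wire: {extract_sni(hello)}")
```

Run it and the parser returns `example.com` without ever touching a key, which is the whole problem: the first thing the client says is the one thing the ISP wanted to know. Pointing `extract_sni` at an application-data record (content type 0x17) returns `None`, because by then the payload is ciphertext.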

More info at https://www.google.com/amp/s/blog.cloudflare.com/encrypted-sni/amp/
