X
Tap here to go to the mobile version of the site.

Support Forum

Securedns and encrypted sni fails when connected to Firefox Private Network.

Posted

Securedns and encrypted sni fails when connected to Firefox Private Network.

Securedns and encrypted sni fails when connected to Firefox Private Network.
Quote

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Safari/605.1.15

More Information

Ballison
  • Top 25 Contributor
  • Administrator
14 solutions 81 answers

Hi RubberDucky,

When you say that Secure DNS and Encrypted SNI both failed, are you referencing Cloudflare's Browser Security Check?

Hi RubberDucky, When you say that Secure DNS and Encrypted SNI both failed, are you referencing [https://www.cloudflare.com/ssl/encrypted-sni/ Cloudflare's Browser Security Check]?
Was this helpful to you?
Quote

Question owner

Yes I’m referring to the cloudflares browser security check.

Yes I’m referring to the cloudflares browser security check.
Was this helpful to you?
Quote
Ballison
  • Top 25 Contributor
  • Administrator
14 solutions 81 answers

Thank you for confirming! I'm sorry about the delayed responses.

Encrypted SNI fails in that test is because a bug (1590642) is currently preventing it from functioning correctly while using a proxy service.

As for Secure DNS, is the test failing on it or is it showing inconclusive (orange circle with white question mark)? When I am running the test with FPN enabled, it shows that it is inconclusive, but didn't necessarily fail. FPN does actually support Secure DNS, so if it is showing a hard fail on the test, this could be a connectivity problem.

Could you run the test again and let me know which status you're receiving for Secure DNS on the test (pass, fail, or inconclusive as mentioned above)?

Thank you for confirming! I'm sorry about the delayed responses. Encrypted SNI fails in that test is because a bug ([https://bugzilla.mozilla.org/show_bug.cgi?id=1590642 1590642]) is currently preventing it from functioning correctly while using a proxy service. As for Secure DNS, is the test ''failing'' on it or is it showing ''inconclusive'' (orange circle with white question mark)? When I am running the test with FPN enabled, it shows that it is inconclusive, but didn't necessarily fail. FPN does actually support Secure DNS, so if it is showing a hard fail on the test, this could be a connectivity problem. Could you run the test again and let me know which status you're receiving for Secure DNS on the test (pass, fail, or inconclusive as mentioned above)?

Modified by Ballison

Was this helpful to you?
Quote
My_Cheese_Is_Slippin'
  • Top 10 Contributor
85 solutions 886 answers

Note that ESNI is not enabled in Firefox by default and it is not enabled by Firefox Private Network.

The primary goal of ESNI is to mask your activity from your ISP. Doesn't FPN do that anyway?

Maybe, enabling ESNI with FPN causes some sort of conflict, which is why FPN doesn't enable it and would explain why the ESNI Check fails when it is enabled.

As far as the Secure DNS check is concerned, I found this from Router Security: "One feature of Cloudflare DNS is encryption. The connection between your computer and their DNS server is encrypted using one of two fairly new approaches: DNS over TLS or DNS over HTTP. This is only an issue when you are not using a VPN. A VPN encrypts everything (when it is working correctly) coming and going from the computer so there is no need to pay special attention to encrypting DNS."

Try testing with https://1.1.1.1/help/ both with and without FPN enabled.

Note that ESNI is not enabled in Firefox by default and it is not enabled by Firefox Private Network. The primary goal of ESNI is to mask your activity from your ISP. Doesn't FPN do that anyway? Maybe, enabling ESNI with FPN causes some sort of conflict, which is why FPN doesn't enable it and would explain why the ESNI Check fails when it is enabled. As far as the Secure DNS check is concerned, I found this from Router Security: "One feature of Cloudflare DNS is encryption. The connection between your computer and their DNS server is encrypted using one of two fairly new approaches: DNS over TLS or DNS over HTTP. This is only an issue when you are not using a VPN. A VPN encrypts everything (when it is working correctly) coming and going from the computer so there is no need to pay special attention to encrypting DNS." Try testing with https://1.1.1.1/help/ both with and without FPN enabled.
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.