Feature Request: Support for TLS 1.3 Encrypted SNI (ESNI) / Encrypted Client Hello (ECH)

Feature Request

Please add support für ESNI / ECH in Watchguard Fireware.

Infos:

1: https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni

2: https://en.wikipedia.org/wiki/ESNI#Encrypted_Client_Hello

Kind regards
Daniel

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Daniel_Meyer
    Could you please provide some information on what you're trying to do with this feature?
    Are you attempting to make an exception, block/allow traffic based off of this, etc?

    -James Carson
    WatchGuard Customer Support

  • We need support for ECH in https-proxy/deep-packet-inspection to allow/block/filter websites using the technique

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Daniel_Meyer
    This appears to have been enacted in v12.4 via FBX-11152
    If you're running 12.4 or better, I'd suggest opening a support case.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.