Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2024-11-22 12:09:28 +01:00
Code Issues Projects Releases Wiki Activity

2024-05-17-https-everywhere.md: clarify ECH+DoH being Chromium thing, mention Firefox network.dns.native_https_query

Browse Source
This commit is contained in:
Aminda Suomalainen 2024-05-18 10:42:37 +03:00
parent d7334b7177
commit a8f4265a62
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
blog/_posts/2024-05-17-https-everywhere.md
View File

@ -101,7 +101,7 @@ link._
To put `EncryptedClientHello` simply, it will hide which domain you are To put `EncryptedClientHello` simply, it will hide which domain you are
requesting from https capable web server, which may be serving multiple requesting from https capable web server, which may be serving multiple
domains when DNS-Over-HTTPS is used (browser restriction, not ECH), while domains when DNS-Over-HTTPS is used ([Chromium restriction](https://issues.chromium.org/issues/40935452)), while
generally the query for `example.net` would go in plaintext alongside _Server generally the query for `example.net` would go in plaintext alongside _Server
Name Indication_. Name Indication_.
@ -149,7 +149,7 @@ Firefox is a bit more complicated in the sense that everything belongs to one
`policies.json` file, so there is no separating different policies to `policies.json` file, so there is no separating different policies to
different files _and_ there is no direct policy for HTTPS-only mode. different files _and_ there is no direct policy for HTTPS-only mode.
_**WARNING for [LibreAwoo](https://librewolf.net/) users**_! [This will mask LibreWolf's policy](https://codeberg.org/librewolf/issues/issues/1767) _**WARNING for [LibreAwoo](https://librewolf.net/) users**_! [This will mask LibreAwoo's policy](https://codeberg.org/librewolf/issues/issues/1767)
(`/usr/share/librewolf/distribution/policies.json`, (`/usr/share/librewolf/distribution/policies.json`,
[codeberg](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)), [codeberg](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)),
so make sure to copy the parts you wish to use before applying this (although so make sure to copy the parts you wish to use before applying this (although
@ -249,9 +249,13 @@ values.
- Which URL is used for queries? I am under impression that unlike with - Which URL is used for queries? I am under impression that unlike with
Chromium, multiple addresses aren't allowed here. Chromium, multiple addresses aren't allowed here.
_I have a temptation to also write about preferring IPv6 connections through _Have you seen a note about temptation to write about IPv6 here? Perhaps you
DoH in Firefox, but that would be even more off-topic and this page already are looking for `network.dns.preferIPv6` and `network.trr.early-AAAA`?_
provides all the examples and links interested reader would need for that._
**Updated note on Firefox ECH:** DNS-Over-HTTPS is no longer required for ECH,
since `network.dns.native_https_query` exists (if you aren't using ESR
branch on version 115). You should already know how to enable it if you have
read this far :smirk_cat:
## Documentation and other policies ## Documentation and other policies