Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Sensei
»
TLS 1.3 support
« previous
next »
Print
Pages: [
1
]
Author
Topic: TLS 1.3 support (Read 711 times)
loganx1121
Jr. Member
Posts: 91
Karma: 0
TLS 1.3 support
«
on:
May 28, 2021, 03:25:48 am »
Does anyone know if Sensei plans on supporting tls 1.3? I put a ticket in with sunny valley helpdesk asking this a month ago and I never received a response.
Thanks
Logged
mb
Hero Member
Posts: 826
Karma: 87
Re: TLS 1.3 support
«
Reply #1 on:
May 29, 2021, 05:57:48 pm »
Hi @loganx1121,
TLS 1.3 is already supported. But I guess you're referring to the ESNI (Encrypted SNI) feature of the TLS 1.3 specification when utilized, making it impossible (when used in conjunction with DoH/DoT) for filtering systems to firewall TLS 1.3 ESNI flows since the destination domain/hostname information is then encrypted and not visible.
This will be possible with the Full TLS Inspection feature. This got delayed due to other popular features (Cloud, other platforms, L7 QoS) getting higher priority. We've already implemented the engine part of the solution. The missing parts are the UI components and heavy testing before we make it available for a wider audience. This is the next major delivery we're planning for this year.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Sensei
»
TLS 1.3 support
