OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Zenarmor (Sensei) »
  • TLS 1.3 support
« previous next »
  • Print
Pages: [1]

Author Topic: TLS 1.3 support  (Read 1836 times)

loganx1121

  • Full Member
  • ***
  • Posts: 123
  • Karma: 0
    • View Profile
TLS 1.3 support
« on: May 28, 2021, 03:25:48 am »
Does anyone know if Sensei plans on supporting tls 1.3?  I put a ticket in with sunny valley helpdesk asking this a month ago and I never received a response.

Thanks
Logged

mb

  • Hero Member
  • *****
  • Posts: 924
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: TLS 1.3 support
« Reply #1 on: May 29, 2021, 05:57:48 pm »
Hi @loganx1121,

TLS 1.3 is already supported. But I guess you're referring to the ESNI (Encrypted SNI) feature of the TLS 1.3 specification when utilized, making it impossible (when used in conjunction with DoH/DoT) for filtering systems to firewall TLS 1.3 ESNI flows since the destination domain/hostname information is then encrypted and not visible.

This will be possible with the Full TLS Inspection feature. This got delayed due to other popular features (Cloud, other platforms, L7 QoS) getting higher priority. We've already implemented the engine part of the solution. The missing parts are the UI components and heavy testing before we make it available for a wider audience. This is the next major delivery we're planning for this year.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Zenarmor (Sensei) »
  • TLS 1.3 support
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2