How to enable Secure SNI support in luci-app-https-dns-proxy?

Hi all
Tell me what additional packages need to be installed for this or what needs to be done for this?

Why would you need SNI support in luci-app-https-dns-proxy?

1 Like

bypasses some blocked sites by your ISP

OK, let me rephrase:

What does luci-app-https-dns-proxy have to do with SNI?

How will the combo of those two help you reach your goal?

2 Likes

I don’t know, which is why I ask whether it is real or not, but nothing is impossible, right?

How are they blocked?
DNS? IP?

No you didn't, reread your own question/post...

True, I usually use luci-app-https-dns-proxy together with a spicy chicken tikka masala.

I enabled SNI in Firefox and sites began to open. I would like to do this somehow at the router level. I have a cool utility, luci-app-https-dns-proxy, and I thought maybe it’s possible to do this through it somehow.

Are you using some old FF version?

That feature seems to have been dropped: https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/

Are you saying https-dns-proxy doesn't bypass your ISP's filters?

1 Like

Look at the site https://defo.ie/ech-check.php: when you turn it on in Firefox everything becomes fine. I would like to somehow implement this at the router level; it’s just that luci-app-https-dns-proxy does not pass the check (red cross).

It's not possible, I'm afraid. Firefox deliberately enables ECH (ESNI) only if DNS traffic was encrypted directly to Firefox.

P.S. Enabling ECH without encrypted DNS makes no sense, since the key is distributed via DNS and can be used for an attack. In theory you can make your own DoH server and use it to bypass this protection.

1 Like

Hi all
I want to set up DNS encryption in Secure SNI, but it doesn’t work, please tell me step by step how to do it if anyone knows.

Where does stunnel come into the picture?

1 Like

Can you tell me how to do this?
Or is this not real? Not necessarily through stunnel, but how? Please tell me. I didn’t find information on the net; all hope is in the forum.

Can't tell you anything, since we don't know what you'd like to achieve.

I want to make the DNS request encrypted using Secure SNI

Encrypted Client Hello (ECH) is an extension of the TLS handshake protocol that prevents privacy-sensitive parameters of the handshake from being exposed to anyone between you and Cloudflare. This protection extends to the Server Name Indication (SNI), which would otherwise expose the hostname that you want to connect to when establishing a TLS connection.

1 Like

I read this; in a nutshell, he said he doesn’t know.

How are DNS requests related to Secure SNI?

I'm not sure why you posted information on ECH.

You do realize that you've listed approximately 3 different technologies (i.e. ECH, Secure SNI and DNS Encryption) in your thread - and yet it's still not yet clear what you want to accomplish with an OpenWrt device.

I read "it's not possible" - and he proceeds to explain why. It's actually the first sentence you quoted.

Also - this thread is a duplicate:

@psherman - can we merge threads?

1 Like

where the red cross is, I want to make sure it wasn’t there

https://www.cloudflare.com/ssl/encrypted-sni/#results website for checking