
Run wireshark on an ssl connection. The server certificate is sent in plaintext. It includes the DNS name of the server you connected to.

DoH would make sense in a world where that was fixed. (Though DNS over TLS is also a thing, and makes strictly more sense than DoH from what I can tell...)



> The server certificate is sent in plaintext.

Not with TLS 1.3, which moves the server certificate to the encrypted part of the handshake.


This is why people are also working on shipping ESNI, which will stop sending the DNS name in plaintext in the cert.



