Firefox encrypted SNI breaks sites when AdGuard service is running

Discussion in 'Technical Support (AdGuard for Windows)' started by Fr9Tcm, Jan 13, 2019 at 6:33 PM.

  1. Fr9Tcm

    Fr9Tcm New Member

    Joined:
    Feb 15, 2016
    Messages:
    30
    So when I enable the flag for encrypted SNI in Firefox (network.security.esni.enabled to true), HTTPS websites no longer work (DoH is already on, obviously). Is this something normal and expected to be fixed, or what?
    Any advice is welcome. Thanks.

    AdGuard 6.4.1814.4903
    Windows 10 (64-bit) 1809
    Firefox 64.0.2 (64-bit)
    Cloudflare DNS
     
    Last edited: Jan 13, 2019 at 7:14 PM
  2. TheHasagi

    TheHasagi Support Commando Staff Member Administrator Moderator

    Joined:
    Mar 26, 2018
    Messages:
    984
    @Fr9Tcm

    This function breaks the HTTPS without AdGuard. Can you provide a short clip or screenshots with a reproduced issue?
     
  3. Fr9Tcm

    Fr9Tcm New Member

    Why would it break HTTPS when the DNS supports it? Anyway, it doesn't break it for me as long as the AdGuard service is disabled.

    With AdGuard service working
    https://i.imgur.com/2YyNHmK.gifv

    With AdGuard service disabled
    https://i.imgur.com/tjlwjRq.gifv
     
  4. TheHasagi

    TheHasagi Support Commando Staff Member Administrator Moderator

  5. Fr9Tcm

    Fr9Tcm New Member

  6. TheHasagi

    TheHasagi Support Commando Staff Member Administrator Moderator

    @Fr9Tcm

    I'm unable to reproduce this issue. Can you describe in steps what should be done?
     
  7. Fr9Tcm

    Fr9Tcm New Member

    1. I assume you use something that allows you to use DoH. Dnscrypt or something. If not, https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/
    2. Install Firefox 64.0.2 (64-bit)
    3. Go to about:config
    4. Change network.trr.mode to 2
    5. Change network.trr.uri to https://mozilla.cloudflare-dns.com/dns-query
    6. Change network.security.esni.enabled to true
    7. Restart Firefox and visit an HTTPS site. Not Google, because they somehow bypass it.

    So for you, enabling network.security.esni.enabled makes every HTTPS site die regardless of whether you have the AdGuard service running or not?
     
    Last edited: Jan 16, 2019 at 8:09 AM
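
A way to confirm that a Firefox profile actually carries the three preferences from the steps above before comparing results, as an added example that is not part of the thread: it parses `user_pref()` lines as found in a profile's `prefs.js` and reports any that differ. The function names and the sample file content are constructed for illustration.

```python
import json
import re

# Values taken from the reproduction steps in the post above.
EXPECTED = {
    "network.trr.mode": 2,
    "network.trr.uri": "https://mozilla.cloudflare-dns.com/dns-query",
    "network.security.esni.enabled": True,
}

# prefs.js / user.js lines look like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, "strings"
        except ValueError:
            continue  # value is not a plain literal; skip it
    return prefs

def check_repro_prefs(text):
    """Return {name: (expected, actual)} for prefs that differ; actual None = unset."""
    prefs = parse_prefs(text)
    return {
        name: (want, prefs.get(name))
        for name, want in EXPECTED.items()
        # compare types too, so integer 1 is not accepted for boolean true
        if type(prefs.get(name)) is not type(want) or prefs[name] != want
    }

# Constructed sample: ESNI pref never set, TRR mode left at a different value.
SAMPLE = '''// Mozilla User Preferences
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("browser.startup.page", 3);
'''

if __name__ == "__main__":
    for name, (want, got) in check_repro_prefs(SAMPLE).items():
        print(f"{name}: expected {want!r}, found {got!r}")
```

An empty result means the profile matches the steps, so a difference in behaviour between two machines is not down to these preferences.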
  8. TheHasagi

    TheHasagi Support Commando Staff Member Administrator Moderator

    @Fr9Tcm

    With and without AdGuard running, the HTTPS websites for me are not completely "dead", they are just broken with this function enabled. So I guess it's not dependent on AdGuard.
     
  9. Fr9Tcm

    Fr9Tcm New Member

    No clue what to tell you. If you see my small videos, you can clearly see it's AdGuard-related in my case. If a dev wants to check the issue, I can open a remote connection for him.
     
  10. TheHasagi

    TheHasagi Support Commando Staff Member Administrator Moderator

    @Fr9Tcm

    When you disable AdGuard, the service is still running. Can you check this way:

    1. Enable ESNI.
    2. From tray - AdGuard - RMB - exit - click No
    3. Restart Firefox and check again
     
  11. TheHasagi

    TheHasagi Support Commando Staff Member Administrator Moderator

    Last edited: Jan 16, 2019 at 10:23 AM
  12. Fr9Tcm

    Fr9Tcm New Member
