152:. When a client uses domain fronting, it replaces the server domain in SNI (unencrypted), but leaves it in the HTTP host header (which is encrypted by TLS) so that server can serve the right content. Domain fronting violates the standard defining SNI itself, so its compatibility is limited (many services check that SNI host matches the HTTP header host and reject connections with domain-fronted SNI as invalid). While domain fronting was used in the past to avoid government censorship, its popularity dwindled because major cloud providers (Google, Amazon's AWS and CloudFront) explicitly prohibit it in their TOS and have technical restrictions against it.
78:
connection, the client requests a digital certificate from the web server. Once the server sends the certificate, the client examines it and compares the name it was trying to connect to with the name(s) included in the certificate. If a match occurs, the connection proceeds as normal. If a match is not found, the user may be warned of the discrepancy and the connection may abort as the mismatch may indicate an attempted man-in-the-middle attack. However, some applications allow the user to bypass the warning to proceed with the connection, with the user taking on the responsibility of trusting the certificate and, by extension, the connection.
188:
same server name that is encrypted by ESNI. Also, encrypting extensions one-by-one would require an encrypted variant of every extension, each with potential privacy implications, and even that exposes the set of extensions advertised. Lastly, real-world deployment of ESNI has exposed interoperability limitations. The short name was ECHO in March 2020 and changed to ECH in May 2020.
90:
HTTPS, the TLS handshake happens before the server sees any HTTP headers. Therefore, it was not possible for the server to use the information in the HTTP host header to decide which certificate to present and as such only names covered by the same certificate could be served from the same IP address.
187:
In March 2020, ESNI was reworked into the ECH extension, after analysis demonstrated that encrypting only the SNI is insufficient. For example, specifications permit the Pre-Shared Key extension to contain any data to facilitate session resumption, even transmission of a cleartext copy of exactly the
106:
message. This enables the server to select the correct virtual domain early and present the browser with the certificate containing the correct name. Therefore, with clients and servers that implement SNI, a server with a single IP address can serve a group of domain names for which it is impractical
289:
was created by the EdelKey project. In 2006, this patch was then ported to the development branch of OpenSSL, and in 2007 it was back-ported to OpenSSL 0.9.8 (first released in 0.9.8f). First web browsers with SNI support appeared in 2006 (Mozilla
Firefox 2.0, Internet Explorer 7), web servers later
89:
Name-based virtual hosting allows multiple DNS hostnames to be hosted by a single server (usually a web server) on the same IP address. To achieve this, the server uses a hostname presented by the client as part of the protocol (for HTTP the name is presented in the host header). However, when using
293:
For an application program to implement SNI, the TLS library it uses must implement it and the application must pass the hostname to the TLS library. Further complicating matters, the TLS library may either be included in the application program or be a component of the underlying operating system.
179:
The initial 2018 version of this extension was called
Encrypted SNI (ESNI) and its implementations were rolled out in an "experimental" fashion to address this risk of domain eavesdropping. Firefox 85 removed support for ESNI. In contrast to ECH, Encrypted SNI encrypted just the SNI rather than the
81:
However, it may be hard โ or even impossible due to lack of a full list of all names in advance โ to obtain a single certificate that covers all names a server will be responsible for. A server that is responsible for multiple hostnames is likely to need to present a different certificate for each
94:
Internet registry and IPv4 addresses are now exhausted. For IPv6, it increases the administrative overhead by having multiple IPs on a single machine, even though the address space is not exhausted. The result was that many websites were effectively constrained from using secure communications.
93:
In practice, this meant that an HTTPS server could only serve one domain (or small group of domains) per IP address for secured and efficient browsing. Assigning a separate IP address for each site increases the cost of hosting, since requests for IP addresses must be justified to the regional
171:
protocol extension that enables encryption of the whole Client Hello message, which is sent during the early stage of TLS 1.3 negotiation. ECH encrypts the payload with a public key that the relying party (a web browser) needs to know in advance, which means ECH is most effective with large
77:
Prior to SNI, when making a TLS connection, the client had no way to specify which site it was trying to connect to. Hence, if one server hosts multiple sites on a single listener, the server has no way to know which certificate to use in the TLS protocol. In more detail, when making a TLS
130:
Server Name
Indication payload is not encrypted, thus the hostname of the server the client tries to connect to is visible to a passive eavesdropper. This protocol weakness was exploited by security software for network filtering and monitoring and governments to implement censorship.
62:, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in
191:
Both ESNI and ECH are compatible only with TLS 1.3 because they rely on KeyShareEntry which was first defined in TLS 1.3. Also, to use ECH, the client must not propose TLS versions below 1.3.
2690:
2948:
86:
to contain multiple domains controlled by one person in a single certificate. Such "unified communications certificates" must be reissued every time the list of domains changes.
2343:
148:
Domain fronting is a technique of replacing the desired host name in SNI with another one hosted by the same server or, more frequently, network of servers known as a
3003:
58:
over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based
294:
Because of this, some browsers implement SNI when running on any operating system, while others implement it only when running on certain operating systems.
231:
meeting, members working on ECH informed Chrome and
Firefox were doing a 1% sample trial, and the team expects the final draft to be submitted to the
1841:
2369:
3796:
2682:
2429:
3672:
2292:
38:
it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible
2787:
3061:
3617:
2845:
3623:
2117:
2871:
3108:
3767:
3611:
2820:
2556:
224:
planned to ban a range of encryption protocols, among which were TLS 1.3 and ESNI, which hindered web site access censorship.
1866:
1817:
2581:
4068:
3889:
2762:
232:
180:
whole Client Hello. Opt-in support for this version was incorporated into
Firefox in October 2018 and required enabling
3705:
2065:
4103:
3811:
3599:
3570:
3357:
2956:
2650:
2395:
4032:
3382:
102:
SNI addresses this issue by having the client send the name of the virtual domain as part of the TLS negotiation's
1703:
3724:
1746:
1664:
601:
228:
2668:
4037:
3634:
1946:
4098:
1450:
1326:
3849:
3819:
3718:
3332:
206:
2179:
this is an extension to TLS version 1.3 and above, and doesn't work with previous versions of the protocol
1721:
4093:
3829:
3699:
2923:
2737:
2506:
1508:
250:
199:
4010:
3773:
663:
59:
2344:"Russia's Digital Development Ministry wants to ban the latest encryption technologies from the RuNet"
3869:
3801:
3740:
1349:
1145:
1119:
729:
3990:
3953:
3920:
3593:
3579:
1373:
1314:
ColdFusion since
Version 10 Update 18, 11 Update 7, Lucee since Version 4.5.1.019, Version 5.0.0.50
1276:
575:
173:
168:
149:
27:
3358:"Adds support for TLS v1.3 Encrypted Client Hello (ECH) draft-ietf-tlsโฆ ยท wolfSSL/wolfssl@6b6ad38"
3751:
3735:
3640:
2481:
2421:
2217:
1965:
3407:
3083:
2531:
2479:
3730:
3694:
2246:
1653:
Blake-Wilson, Simon; Nystrom, Magnus; Hopwood, David; Mikkelsen, Jan; Wright, Tim (June 2003).
258:
55:
39:
16:
TLS extension for serve multiple HTTPS sites at the same IP address with different certificates
3500:
2715:
277:) enabled it by default, also requiring keys to be deployed in HTTPS resource records in DNS.
4057:
3958:
3678:
3563:
3053:
1535:
341:
2269:
1932:
1654:
4108:
3543:
1686:
478:
115:
220:
started blocking ESNI traffic. In
September of the same year, Russian censorship ministry
8:
3257:"Support Encrypted Client Hello (formerly known as ESNI) ยท Issue #7482 ยท openssl/openssl"
2191:
1796:
Chrisment, Isabelle; Goichot, Antoine; Cholez, Thibault; Shbair, Wazen M. (11 May 2015).
876:
679:
274:
3282:"[ech] rewrite ESNI to ECH draft 15 by kazuho ยท Pull Request #437 ยท h2o/picotls"
2142:
2044:
1917:
3974:
3689:
2016:
1823:
915:
841:
598:
572:
246:
31:
3230:
3180:
2897:
134:
Presently, there are multiple technologies attempting to hide Server Name
Indication:
3925:
3651:
3433:
1891:
1813:
1678:
659:
369:
262:
2812:
2595:
1916:
Rescorla, Eric; Oku, Kazuho; Sullivan, Nick; Wood, Christopher A. (9 October 2023).
1827:
3930:
3746:
3684:
3556:
3205:
2396:"Russia Is Trying Something New to Isolate Its Internet From the Rest of the World"
1805:
1668:
1299:
984:
270:
63:
3155:
2247:"Service binding and parameter specification via the DNS (DNS SVCB and HTTPS RRs)"
1931:
Rescorla, Eric; Oku, Kazuho; Sullivan, Nick; Wood, Christopher A. (6 April 2023).
1797:
690:
Supported for browsing. Sync and other services support SNI only since version 86.
3656:
3454:
3333:"Certificate selection for servers is missing ยท Issue #310 ยท apple/swift-nio-ssl"
3256:
2370:"Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI"
797:
646:
425:
143:
3537:
3533:
3529:
3129:
1892:"Amazon threatens to suspend Signal's AWS account over censorship circumvention"
1689:
1658:
67:
3307:
2898:"Bug 765064 โ HttpClient in use by Sync and other services doesn't support SNI"
1771:
1485:
698:
624:
446:
401:
266:
242:
241:
In
October 2023, Mozilla enabled ECH by default in Firefox v118, provided that
195:
181:
2788:"curl/docs/ROADMAP.md at 50490c0679fcd0e50bb3a8fbf2d9244845652cf0 ยท curl/curl"
2452:
2293:"China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI"
4087:
3711:
3646:
2683:"How to improve privacy in Microsoft Edge by enabling Encrypted Client Hello"
2163:
2091:
1991:
1809:
1682:
864:
819:
552:
528:
504:
381:
254:
2582:"How to disable TLS Encrypted ClientHello in Google Chrome using PowerShell"
2480:
Achiel van der
Mandele; Alessandro Ghedini; Christopher Wood; Rushil Mehra.
1802:
2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)
4005:
3779:
2978:
751:
349:
221:
217:
3281:
2763:"curl/docs/ECH.md at cbe7fad20d969626a5c4eb0501a273dfe812bcd3 ยท curl/curl"
2557:"Encrypted Client Hello (ECH) - Frequently asked questions | Firefox Help"
2654:
2532:"Say (an encrypted) hello to a more private internet. | The Mozilla Blog"
51:
2092:"Curl: Re: Support of Encrypted SNI (curl-library mailing list archive)"
4052:
3028:
2625:
2268:
Schwartz, Benjamin M.; Bishop, Mike; Nygren, Erik (26 September 2023).
1228:
Supports client-side ECH; server-side ECH still todo as of August 2024
490:
385:
213:
43:
3479:
3455:"ECH (Encrypted client hello) support ยท Issue #1924 ยท haproxy/haproxy"
3383:"crypto/tls: implement draft-ietf-tls-esni-13 ยท cloudflare/go@4c13101"
2192:"Make ESNI TLS 1.2 compatible ยท Issue #38 ยท tlswg/draft-ietf-tls-esni"
4047:
3859:
3824:
1966:"Don't panic about domain fronting, an SNI fix is getting hacked out"
1673:
1006:
961:
938:
198:, incorporates a parameter for transmitting the ECH public keys via
3864:
3854:
3839:
2270:"Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings"
2245:
Schwartz, Benjamin M.; Bishop, Mike; Nygren, Erik (11 March 2023).
1652:
1564:
1556:
1096:
1074:
238:
In Sep 2023, Cloudflare started to support ECH for hosted domains.
47:
35:
3408:"src/tls.c ยท master ยท Hugo Leisink / Hiawatha web server ยท GitLab"
1842:"South Korea is Censoring the Internet by Snooping on SNI Traffic"
3904:
3899:
3884:
3874:
1707:
1612:
1588:
1253:
1168:
286:
209:
started blocking ESNI traffic, while still allowing ECH traffic.
2317:
612:
Frontend support since version 4.0 and backend support from v5.2
4062:
4015:
3995:
3894:
3879:
3844:
3231:"Bug 360421 โ Implement TLS Server Name Indication for servers"
2603:
2147:
2049:
1210:
1051:
445:
Introduced in v85 behind flag. Enabled by default in v118 when
3548:
3181:"116168 - TLS server name indication extension support in NSS"
4042:
4000:
3834:
3629:
1867:"Encrypted chat app Signal circumvents government censorship"
1303:
1028:
891:
774:
1795:
2722:. Tolerant Networks Limited. 24 August 2022. Archived from
2482:"Encrypted Client Hello - the last puzzle piece to privacy"
1396:
706:
454:
346:
111:
2952:
2927:
1427:
3130:"Support ECH (#595) ยท Issues ยท gnutls / GnuTLS ยท GitLab"
2738:"Understand Encrypted Client Hello (ECH) | Firefox Help"
2507:"Understand Encrypted Client Hello (ECH) | Firefox Help"
2233:
The client ... MUST offer to negotiate TLS 1.3 or above.
2461:(video). San Francisco: Internet Engineering Task Force
2118:"Encrypted Client Hello: the future of ESNI in Firefox"
1930:
1915:
697:
Only on Firefox Beta and Nightly is possible to enable
1747:"Web Filter: SNI extension feature and HTTPS blocking"
82:
name (or small group of names). It is possible to use
3109:"Dell BSAFE Micro Edition Suite 5.0 Release Advisory"
2643:
290:(Apache HTTP Server in 2009, Microsoft IIS in 2012).
2267:
2244:
3206:"D101050 Bug 1681585 - Add ECH support to selfserv"
2723:
3308:"Server-side Encrypted Client Hello (ECH) support"
1704:"What is a Multiple Domain (UCC) SSL Certificate?"
122:. The latest version of the standard is RFC 6066.
2450:
2419:
1798:"Efficiently Bypassing SNI-based HTTPS Filtering"
1714:
1461:Supported in 2.x from 2.7.9 and 3.x from 3.2 (in
4085:
2979:"#2275 (Support Encrypted Client Hello) โ nginx"
2164:"Encrypt it or lose it: how encrypted SNI works"
1992:"Encrypt it or lose it: how encrypted SNI works"
1939:
1772:"Sophos UTM: Understanding Sophos Web Filtering"
3594:Transport Layer Security / Secure Sockets Layer
3156:"Support ESNI ยท Issue #546 ยท libressl/portable"
2805:
3501:"src/lib/libtls/tls.c at master ยท openbsd/src"
3029:"ECH by kazuho ยท Pull Request #3164 ยท h2o/h2o"
2710:
2708:
3797:Export of cryptography from the United States
3564:
2045:"ESNI -> ECHO ยท tlswg/draft-ietf-tls-esni"
1947:"ESNI: A Privacy-Protecting Upgrade to HTTPS"
3673:Automated Certificate Management Environment
257:on the computer network. In September 2023,
72:
3544:Mozilla Wiki - Encrypted Client Hello (ECH)
2924:"IBM HTTP Server SSL Questions and Answers"
2813:"Feature: TLS Encrypted Client Hello (ECH)"
2705:
2596:"Feature: TLS Encrypted Client Hello (ECH)"
1476:2011 for Python 3.x and 2014 for Python 2.x
3618:DNS-based Authentication of Named Entities
3571:
3557:
2318:"ะะพัะตะผั ะ ะพััะตะปะตะบะพะผ ะฑะปะพะบะธััะตั ESNI ััะฐัะธะบ?"
1920:(Report). Internet Engineering Task Force.
1655:"Server Name ssl_ocsp_responderIndication"
830:Not supported before 8.5 (backport from 9)
3624:DNS Certification Authority Authorization
2162:Ghedini, Alessandro (24 September 2018).
1990:Ghedini, Alessandro (24 September 2018).
1672:
1660:Transport Layer Security (TLS) Extensions
285:In 2004, a patch for adding TLS/SNI into
155:
120:Transport Layer Security (TLS) Extensions
50:number and hence allows multiple secure (
3305:
2669:"Public Git Hosting - alpine.git/Commit"
2143:"s/ECHO/ECH ยท tlswg/draft-ietf-tls-esni"
2066:"Encrypted SNI Comes to Firefox Nightly"
125:
30:computer networking protocol by which a
2393:
2161:
1989:
1963:
97:
4086:
3768:Domain Name System Security Extensions
3612:Application-Layer Protocol Negotiation
2949:"IHS 8 powered by Apache 2.2.x ?"
2115:
1646:
3552:
2584:. Chaser Systems Ltd. 9 October 2023.
2394:Sherman, Justin (25 September 2020).
2039:
2037:
2017:"1667743 - Clean up unused esni code"
176:known to browser vendors in advance.
2693:from the original on 5 December 2022
2215:
2063:
1368:Cloudflare/go fork provides support
202:, shortening the handshake process.
2716:"Developing ECH for OpenSSL (DEfO)"
2367:
2290:
13:
3706:Online Certificate Status Protocol
3084:"Update to draft-ietf-tls-esni-13"
2451:TLS Working Group (26 July 2023).
2432:from the original on 2 August 2023
2420:TLS Working Group (26 July 2023).
2089:
2064:Eric, Rescorla (18 October 2018).
2034:
650:(discontinued in Android 4.2)
137:
14:
4120:
3600:Datagram Transport Layer Security
3522:
3058:H2O - the optimized HTTP/2 server
2955:. 17 October 2013. Archived from
2422:"Minutes IETF117: tls: Wed 20:00"
2272:. Internet Engineering Task Force
2249:. Internet Engineering Task Force
1667:. p. 8. sec. 3.1.
280:
4033:Certificate authority compromise
3306:McCarney, Daniel (31 May 2024).
3210:phabricator.services.mozilla.com
3064:from the original on 29 May 2023
2823:from the original on 28 May 2023
2116:Jacobs, Kevin (7 January 2021).
1964:Claburn, Thomas (17 July 2018).
1287:Not supported in 15.2 or earlier
4038:Random number generator attacks
3725:Extended Validation Certificate
3578:
3493:
3472:
3447:
3426:
3400:
3375:
3350:
3325:
3299:
3274:
3249:
3223:
3198:
3173:
3148:
3122:
3101:
3076:
3046:
3021:
2996:
2971:
2941:
2916:
2890:
2864:
2838:
2780:
2755:
2730:
2675:
2661:
2618:
2588:
2574:
2549:
2524:
2499:
2473:
2444:
2413:
2387:
2361:
2336:
2310:
2284:
2261:
2238:
2209:
2184:
2155:
2135:
2109:
2083:
2057:
2009:
1983:
1957:
1924:
1909:
1069:Work in progress as July 2023.
200:HTTPS and SVCB DNS record types
118:in June 2003 through RFC 3546,
3635:HTTP Strict Transport Security
1884:
1859:
1834:
1789:
1764:
1739:
1696:
539:Supported in all BB10 releases
245:(DoH) is also enabled to keep
28:Transport Layer Security (TLS)
1:
3054:"Base Directives - Configure"
2324:(in Russian). 11 October 2020
1639:
459:Command-line tool and library
212:In October 2020, Russian ISP
107:to get a common certificate.
3719:Domain-validated certificate
2218:"TLS Encrypted Client Hello"
1722:"TLS Server Name Indication"
615:Frontend 2013 / Backend 2015
235:evaluation by January 2024.
7:
3700:Certificate revocation list
3536:, which obsoleted RFC
2872:"Release Notes Version 5.2"
2846:"Release Notes Version 7.8"
586:Supported since version 7.8
10:
4125:
3774:Internet Protocol Security
3587:Protocols and technologies
3004:"Performance improvements"
1918:TLS Encrypted Client Hello
297:
141:
4025:
3983:
3967:
3946:
3939:
3913:
3810:
3802:Server-Gated Cryptography
3789:
3760:
3741:Public key infrastructure
3666:Public-key infrastructure
3665:
3586:
3088:BoringSSL code repository
2454:IETF117-TLS-20230726-2000
1624:Since OpenBSD version 6.1
875:Since version 8 (part of
762:Not supported on Series60
730:Nokia Browser for Symbian
312:
309:
307:
73:Background of the problem
54:) websites (or any other
26:) is an extension to the
4104:Transport Layer Security
3954:Man-in-the-middle attack
3921:Certificate Transparency
3480:"OpenBSD 6.1 What's New"
1933:"Draft-ietf-TLS-esni-14"
1810:10.1109/INM.2015.7140423
752:Opera Mobile for Symbian
664:Ice Cream Sandwich (4.x)
523:Since v105 behind flag.
216:and its mobile operator
150:content delivery network
4065:(in regards to TLS 1.0)
4018:(in regards to SSL 3.0)
3752:Self-signed certificate
3736:Public-key cryptography
3657:Perfect forward secrecy
3641:HTTP Public Key Pinning
3434:"HAProxy 1.5 changelog"
1599:Since version 1.5-dev12
420:Since v105 behind flag
207:Great Firewall of China
4069:Kazakhstan MITM attack
3731:Public key certificate
3695:Certificate revocation
3606:Server Name Indication
2817:Chrome Platform Status
2600:Chrome Platform Status
1519:Since version 2.0 (in
251:HTTPS resource records
161:Encrypted Client Hello
156:Encrypted Client Hello
20:Server Name Indication
4058:Lucky Thirteen attack
3959:Padding oracle attack
3679:Certificate authority
2122:Mozilla Security Blog
2070:Mozilla Security Blog
342:Alpine (email client)
261:version 117 (used in
227:In July 2023, in the
126:Security implications
110:SNI was added to the
4099:Secure communication
3532:(obsoletes RFC
3185:bugzilla.mozilla.org
2726:on 1 September 2022.
2021:bugzilla.mozilla.org
1953:. 24 September 2018.
1804:. pp. 990โ995.
1633:Depends on OpenSSL.
1575:Since version 1.4.24
1131:Since version 3.11.1
949:Since version 11.0.1
902:Since version 0.5.23
852:Since version 2.2.12
465:Since version 7.18.1
205:In August 2020, the
98:Technical principles
2959:on 26 December 2015
2742:support.mozilla.org
2561:support.mozilla.org
2511:support.mozilla.org
2486:The Cloudflare Blog
2168:The Cloudflare Blog
1996:The Cloudflare Blog
1031:Micro Edition Suite
972:Since version 14.0
926:Since version 9.3.0
877:Windows Server 2012
808:Since version 9.0.0
680:Firefox for Android
634:Some time after 6.5
380:Since version 7 on
304:
4094:Internet protocols
3975:Bar mitzvah attack
3690:Certificate policy
3237:. 11 November 2006
3008:help.hcltechsw.com
2606:. 12 December 2023
2368:Cimpanu, Catalin.
2291:Cimpanu, Catalin.
2090:Daniel, Stenberg.
1951:EFF DeepLinks Blog
1751:www3.trustwave.com
842:Apache HTTP Server
717:Since version 1.14
384:(not supported on
357:Since version 2.22
302:
4081:
4080:
4077:
4076:
3652:Opportunistic TLS
3136:. 27 October 2018
2904:. 29 October 2017
2833:Safari: No signal
2657:on 20 April 2016.
2651:"OpenSSL CHANGES"
2626:"EdelKey Project"
1819:978-1-4799-8241-7
1637:
1636:
1546:Since version 8.6
1496:Since version 4.8
1438:Since version 5.3
1411:version 1.50 and
1384:Since version 1.7
1360:Since version 1.4
1337:Since version r17
785:Since version 3.1
711:Command-line tool
489:Not supported on
436:Since version 2.0
370:Internet Explorer
4116:
3944:
3943:
3931:HTTPS Everywhere
3747:Root certificate
3685:CA/Browser Forum
3573:
3566:
3559:
3550:
3549:
3516:
3515:
3513:
3511:
3497:
3491:
3490:
3488:
3486:
3476:
3470:
3469:
3467:
3465:
3451:
3445:
3444:
3442:
3440:
3430:
3424:
3423:
3421:
3419:
3404:
3398:
3397:
3395:
3393:
3379:
3373:
3372:
3370:
3368:
3354:
3348:
3347:
3345:
3343:
3329:
3323:
3322:
3320:
3318:
3303:
3297:
3296:
3294:
3292:
3278:
3272:
3271:
3269:
3267:
3253:
3247:
3246:
3244:
3242:
3235:Bugzilla@Mozilla
3227:
3221:
3220:
3218:
3216:
3202:
3196:
3195:
3193:
3191:
3177:
3171:
3170:
3168:
3166:
3152:
3146:
3145:
3143:
3141:
3126:
3120:
3119:
3117:
3115:
3105:
3099:
3098:
3096:
3094:
3080:
3074:
3073:
3071:
3069:
3050:
3044:
3043:
3041:
3039:
3025:
3019:
3018:
3016:
3014:
3000:
2994:
2993:
2991:
2989:
2975:
2969:
2968:
2966:
2964:
2945:
2939:
2938:
2936:
2934:
2920:
2914:
2913:
2911:
2909:
2902:Bugzilla@Mozilla
2894:
2888:
2887:
2885:
2883:
2878:. September 2015
2876:Campus@Barracuda
2868:
2862:
2861:
2859:
2857:
2852:. September 2013
2850:Campus@Barracuda
2842:
2836:
2835:
2830:
2828:
2809:
2803:
2802:
2800:
2798:
2784:
2778:
2777:
2775:
2773:
2759:
2753:
2752:
2750:
2748:
2734:
2728:
2727:
2712:
2703:
2702:
2700:
2698:
2689:. 25 July 2023.
2679:
2673:
2672:
2665:
2659:
2658:
2653:. Archived from
2647:
2641:
2640:
2638:
2636:
2622:
2616:
2615:
2613:
2611:
2592:
2586:
2585:
2578:
2572:
2571:
2569:
2567:
2553:
2547:
2546:
2544:
2542:
2536:blog.mozilla.org
2528:
2522:
2521:
2519:
2517:
2503:
2497:
2496:
2494:
2492:
2477:
2471:
2470:
2468:
2466:
2448:
2442:
2441:
2439:
2437:
2426:IETF Datatracker
2417:
2411:
2410:
2408:
2406:
2391:
2385:
2384:
2382:
2380:
2365:
2359:
2358:
2356:
2354:
2340:
2334:
2333:
2331:
2329:
2314:
2308:
2307:
2305:
2303:
2288:
2282:
2281:
2279:
2277:
2265:
2259:
2258:
2256:
2254:
2242:
2236:
2235:
2230:
2228:
2216:Rescorla, Eric.
2213:
2207:
2206:
2204:
2202:
2188:
2182:
2181:
2176:
2174:
2159:
2153:
2152:
2139:
2133:
2132:
2130:
2128:
2113:
2107:
2106:
2104:
2102:
2087:
2081:
2080:
2078:
2076:
2061:
2055:
2054:
2041:
2032:
2031:
2029:
2027:
2013:
2007:
2006:
2004:
2002:
1987:
1981:
1980:
1978:
1976:
1961:
1955:
1954:
1943:
1937:
1936:
1928:
1922:
1921:
1913:
1907:
1906:
1904:
1902:
1888:
1882:
1881:
1879:
1877:
1863:
1857:
1856:
1854:
1852:
1846:BleepingComputer
1838:
1832:
1831:
1793:
1787:
1786:
1784:
1782:
1776:Sophos Community
1768:
1762:
1761:
1759:
1757:
1743:
1737:
1736:
1734:
1732:
1718:
1712:
1711:
1700:
1694:
1693:
1676:
1674:10.17487/RFC3546
1650:
1522:
1513:Standard library
1490:Standard library
1472:
1468:
1464:
1455:Standard library
1432:Standard library
1414:
1410:
1401:Standard library
1378:Standard library
1354:Standard library
1331:Standard library
1308:Standard library
1281:Standard library
966:Workflow client
662:for tablets and
305:
301:
271:Samsung Internet
34:indicates which
4124:
4123:
4119:
4118:
4117:
4115:
4114:
4113:
4084:
4083:
4082:
4073:
4021:
3979:
3963:
3940:Vulnerabilities
3935:
3909:
3812:Implementations
3806:
3785:
3756:
3661:
3582:
3577:
3525:
3520:
3519:
3509:
3507:
3499:
3498:
3494:
3484:
3482:
3478:
3477:
3473:
3463:
3461:
3453:
3452:
3448:
3438:
3436:
3432:
3431:
3427:
3417:
3415:
3406:
3405:
3401:
3391:
3389:
3381:
3380:
3376:
3366:
3364:
3356:
3355:
3351:
3341:
3339:
3331:
3330:
3326:
3316:
3314:
3304:
3300:
3290:
3288:
3280:
3279:
3275:
3265:
3263:
3255:
3254:
3250:
3240:
3238:
3229:
3228:
3224:
3214:
3212:
3204:
3203:
3199:
3189:
3187:
3179:
3178:
3174:
3164:
3162:
3154:
3153:
3149:
3139:
3137:
3128:
3127:
3123:
3113:
3111:
3107:
3106:
3102:
3092:
3090:
3082:
3081:
3077:
3067:
3065:
3052:
3051:
3047:
3037:
3035:
3027:
3026:
3022:
3012:
3010:
3002:
3001:
2997:
2987:
2985:
2977:
2976:
2972:
2962:
2960:
2947:
2946:
2942:
2932:
2930:
2922:
2921:
2917:
2907:
2905:
2896:
2895:
2891:
2881:
2879:
2870:
2869:
2865:
2855:
2853:
2844:
2843:
2839:
2826:
2824:
2811:
2810:
2806:
2796:
2794:
2786:
2785:
2781:
2771:
2769:
2761:
2760:
2756:
2746:
2744:
2736:
2735:
2731:
2714:
2713:
2706:
2696:
2694:
2681:
2680:
2676:
2667:
2666:
2662:
2649:
2648:
2644:
2634:
2632:
2624:
2623:
2619:
2609:
2607:
2594:
2593:
2589:
2580:
2579:
2575:
2565:
2563:
2555:
2554:
2550:
2540:
2538:
2530:
2529:
2525:
2515:
2513:
2505:
2504:
2500:
2490:
2488:
2478:
2474:
2464:
2462:
2449:
2445:
2435:
2433:
2418:
2414:
2404:
2402:
2392:
2388:
2378:
2376:
2366:
2362:
2352:
2350:
2342:
2341:
2337:
2327:
2325:
2316:
2315:
2311:
2301:
2299:
2289:
2285:
2275:
2273:
2266:
2262:
2252:
2250:
2243:
2239:
2226:
2224:
2214:
2210:
2200:
2198:
2190:
2189:
2185:
2172:
2170:
2160:
2156:
2141:
2140:
2136:
2126:
2124:
2114:
2110:
2100:
2098:
2088:
2084:
2074:
2072:
2062:
2058:
2043:
2042:
2035:
2025:
2023:
2015:
2014:
2010:
2000:
1998:
1988:
1984:
1974:
1972:
1962:
1958:
1945:
1944:
1940:
1929:
1925:
1914:
1910:
1900:
1898:
1890:
1889:
1885:
1875:
1873:
1865:
1864:
1860:
1850:
1848:
1840:
1839:
1835:
1820:
1794:
1790:
1780:
1778:
1770:
1769:
1765:
1755:
1753:
1745:
1744:
1740:
1730:
1728:
1720:
1719:
1715:
1702:
1701:
1697:
1651:
1647:
1642:
1520:
1470:
1466:
1462:
1413:IO::Socket::SSL
1412:
1408:
798:IBM HTTP Server
660:Honeycomb (3.x)
649:
647:Android browser
426:Mozilla Firefox
300:
283:
253:protected from
158:
146:
144:Domain fronting
140:
138:Domain fronting
128:
100:
75:
60:virtual hosting
17:
12:
11:
5:
4122:
4112:
4111:
4106:
4101:
4096:
4079:
4078:
4075:
4074:
4072:
4071:
4066:
4060:
4055:
4050:
4045:
4040:
4035:
4029:
4027:
4026:Implementation
4023:
4022:
4020:
4019:
4013:
4008:
4003:
3998:
3993:
3987:
3985:
3981:
3980:
3978:
3977:
3971:
3969:
3965:
3964:
3962:
3961:
3956:
3950:
3948:
3941:
3937:
3936:
3934:
3933:
3928:
3923:
3917:
3915:
3911:
3910:
3908:
3907:
3902:
3897:
3892:
3887:
3882:
3877:
3872:
3867:
3862:
3857:
3852:
3847:
3842:
3837:
3832:
3827:
3822:
3816:
3814:
3808:
3807:
3805:
3804:
3799:
3793:
3791:
3787:
3786:
3784:
3783:
3777:
3771:
3764:
3762:
3758:
3757:
3755:
3754:
3749:
3744:
3738:
3733:
3728:
3722:
3716:
3715:
3714:
3709:
3703:
3692:
3687:
3682:
3676:
3669:
3667:
3663:
3662:
3660:
3659:
3654:
3649:
3644:
3638:
3632:
3627:
3621:
3615:
3609:
3603:
3597:
3590:
3588:
3584:
3583:
3576:
3575:
3568:
3561:
3553:
3547:
3546:
3541:
3524:
3523:External links
3521:
3518:
3517:
3492:
3471:
3446:
3425:
3414:. 5 April 2023
3399:
3374:
3349:
3324:
3298:
3273:
3248:
3222:
3197:
3172:
3147:
3121:
3100:
3075:
3045:
3020:
2995:
2983:trac.nginx.org
2970:
2940:
2915:
2889:
2863:
2837:
2804:
2779:
2754:
2729:
2704:
2674:
2660:
2642:
2617:
2587:
2573:
2548:
2523:
2498:
2472:
2443:
2412:
2400:Slate Magazine
2386:
2360:
2335:
2309:
2283:
2260:
2237:
2208:
2183:
2154:
2134:
2108:
2082:
2056:
2033:
2008:
1982:
1956:
1938:
1923:
1908:
1883:
1858:
1833:
1818:
1788:
1763:
1738:
1726:Paul's Journal
1713:
1695:
1644:
1643:
1641:
1638:
1635:
1634:
1631:
1628:
1625:
1622:
1619:
1616:
1609:
1608:
1606:
1603:
1600:
1597:
1594:
1591:
1585:
1584:
1582:
1579:
1576:
1573:
1570:
1567:
1561:
1560:
1553:
1550:
1547:
1544:
1541:
1538:
1532:
1531:
1529:
1527:
1524:
1517:
1514:
1511:
1505:
1504:
1502:
1500:
1497:
1494:
1491:
1488:
1482:
1481:
1479:
1477:
1474:
1459:
1456:
1453:
1447:
1446:
1444:
1442:
1439:
1436:
1433:
1430:
1424:
1423:
1421:
1419:
1416:
1405:
1402:
1399:
1393:
1392:
1390:
1388:
1385:
1382:
1379:
1376:
1370:
1369:
1366:
1364:
1361:
1358:
1355:
1352:
1346:
1345:
1343:
1341:
1338:
1335:
1332:
1329:
1323:
1322:
1320:
1318:
1315:
1312:
1309:
1306:
1296:
1295:
1293:
1290:
1288:
1285:
1282:
1279:
1273:
1272:
1269:
1266:
1264:
1262:
1259:
1256:
1250:
1249:
1247:
1244:
1242:
1240:
1237:
1234:
1230:
1229:
1226:
1223:
1221:
1219:
1216:
1213:
1207:
1206:
1204:
1201:
1199:
1197:
1194:
1191:
1187:
1186:
1184:
1181:
1179:
1177:
1174:
1171:
1165:
1164:
1162:
1159:
1157:
1155:
1152:
1149:
1141:
1140:
1138:
1135:
1132:
1129:
1126:
1123:
1115:
1114:
1112:
1109:
1107:
1105:
1102:
1099:
1093:
1092:
1090:
1087:
1085:
1083:
1080:
1077:
1071:
1070:
1067:
1064:
1062:
1060:
1057:
1054:
1048:
1047:
1045:
1043:
1040:
1038:
1035:
1032:
1025:
1024:
1022:
1019:
1017:
1015:
1012:
1009:
1003:
1002:
1000:
997:
995:
993:
990:
987:
981:
980:
978:
976:
973:
970:
967:
964:
958:
957:
955:
953:
950:
947:
944:
941:
935:
934:
932:
930:
927:
924:
921:
918:
912:
911:
909:
906:
903:
900:
897:
894:
888:
887:
885:
883:
880:
873:
870:
867:
861:
860:
858:
856:
853:
850:
847:
844:
838:
837:
835:
833:
831:
828:
825:
822:
816:
815:
813:
811:
809:
806:
803:
800:
794:
793:
791:
789:
786:
783:
780:
777:
771:
770:
768:
765:
763:
760:
757:
754:
748:
747:
745:
742:
740:
738:
735:
732:
726:
725:
723:
721:
718:
715:
712:
709:
703:
702:
695:
693:
691:
688:
685:
682:
676:
675:
673:
670:
667:
657:
654:
651:
643:
642:
640:
637:
635:
632:
630:
627:
625:Windows Mobile
621:
620:
618:
616:
613:
610:
607:
604:
595:
594:
592:
590:
587:
584:
581:
578:
569:
568:
566:
563:
561:
559:
557:
555:
549:
548:
546:
543:
540:
537:
534:
531:
525:
524:
521:
518:
515:
513:
510:
507:
501:
500:
498:
495:
493:
487:
484:
481:
475:
474:
472:
469:
466:
463:
460:
457:
451:
450:
443:
440:
437:
434:
431:
428:
422:
421:
418:
415:
413:
410:
407:
404:
398:
397:
395:
392:
389:
378:
375:
372:
366:
365:
363:
361:
358:
355:
352:
344:
338:
337:
334:
331:
328:
325:
322:
319:
315:
314:
311:
308:
299:
296:
282:
281:Implementation
279:
267:Microsoft Edge
243:DNS over HTTPS
196:Internet Draft
182:DNS over HTTPS
157:
154:
142:Main article:
139:
136:
127:
124:
99:
96:
84:subjectAltName
74:
71:
15:
9:
6:
4:
3:
2:
4121:
4110:
4107:
4105:
4102:
4100:
4097:
4095:
4092:
4091:
4089:
4070:
4067:
4064:
4061:
4059:
4056:
4054:
4051:
4049:
4046:
4044:
4041:
4039:
4036:
4034:
4031:
4030:
4028:
4024:
4017:
4014:
4012:
4009:
4007:
4004:
4002:
3999:
3997:
3994:
3992:
3989:
3988:
3986:
3982:
3976:
3973:
3972:
3970:
3966:
3960:
3957:
3955:
3952:
3951:
3949:
3945:
3942:
3938:
3932:
3929:
3927:
3924:
3922:
3919:
3918:
3916:
3912:
3906:
3903:
3901:
3898:
3896:
3893:
3891:
3888:
3886:
3883:
3881:
3878:
3876:
3873:
3871:
3868:
3866:
3863:
3861:
3858:
3856:
3853:
3851:
3848:
3846:
3843:
3841:
3838:
3836:
3833:
3831:
3828:
3826:
3823:
3821:
3820:Bouncy Castle
3818:
3817:
3815:
3813:
3809:
3803:
3800:
3798:
3795:
3794:
3792:
3788:
3781:
3778:
3775:
3772:
3769:
3766:
3765:
3763:
3759:
3753:
3750:
3748:
3745:
3742:
3739:
3737:
3734:
3732:
3729:
3726:
3723:
3720:
3717:
3713:
3712:OCSP stapling
3710:
3707:
3704:
3701:
3698:
3697:
3696:
3693:
3691:
3688:
3686:
3683:
3680:
3677:
3674:
3671:
3670:
3668:
3664:
3658:
3655:
3653:
3650:
3648:
3647:OCSP stapling
3645:
3642:
3639:
3636:
3633:
3631:
3628:
3625:
3622:
3619:
3616:
3613:
3610:
3607:
3604:
3601:
3598:
3595:
3592:
3591:
3589:
3585:
3581:
3574:
3569:
3567:
3562:
3560:
3555:
3554:
3551:
3545:
3542:
3539:
3535:
3531:
3527:
3526:
3506:
3502:
3496:
3481:
3475:
3460:
3456:
3450:
3435:
3429:
3413:
3409:
3403:
3388:
3384:
3378:
3363:
3359:
3353:
3338:
3334:
3328:
3313:
3309:
3302:
3287:
3283:
3277:
3262:
3258:
3252:
3236:
3232:
3226:
3211:
3207:
3201:
3186:
3182:
3176:
3161:
3157:
3151:
3135:
3131:
3125:
3110:
3104:
3089:
3085:
3079:
3063:
3059:
3055:
3049:
3034:
3030:
3024:
3009:
3005:
2999:
2984:
2980:
2974:
2958:
2954:
2950:
2944:
2929:
2925:
2919:
2903:
2899:
2893:
2877:
2873:
2867:
2851:
2847:
2841:
2834:
2822:
2818:
2814:
2808:
2793:
2789:
2783:
2768:
2764:
2758:
2743:
2739:
2733:
2725:
2721:
2717:
2711:
2709:
2692:
2688:
2684:
2678:
2670:
2664:
2656:
2652:
2646:
2631:
2627:
2621:
2605:
2601:
2597:
2591:
2583:
2577:
2562:
2558:
2552:
2537:
2533:
2527:
2512:
2508:
2502:
2487:
2483:
2476:
2460:
2456:
2455:
2447:
2431:
2427:
2423:
2416:
2401:
2397:
2390:
2375:
2371:
2364:
2349:
2345:
2339:
2323:
2319:
2313:
2298:
2294:
2287:
2271:
2264:
2248:
2241:
2234:
2223:
2219:
2212:
2197:
2193:
2187:
2180:
2169:
2165:
2158:
2150:
2149:
2144:
2138:
2123:
2119:
2112:
2097:
2093:
2086:
2071:
2067:
2060:
2052:
2051:
2046:
2040:
2038:
2022:
2018:
2012:
1997:
1993:
1986:
1971:
1967:
1960:
1952:
1948:
1942:
1934:
1927:
1919:
1912:
1897:
1893:
1887:
1872:
1868:
1862:
1847:
1843:
1837:
1829:
1825:
1821:
1815:
1811:
1807:
1803:
1799:
1792:
1777:
1773:
1767:
1752:
1748:
1742:
1727:
1723:
1717:
1709:
1705:
1699:
1691:
1688:
1684:
1680:
1675:
1670:
1666:
1662:
1661:
1656:
1649:
1645:
1632:
1629:
1626:
1623:
1620:
1617:
1614:
1611:
1610:
1607:
1604:
1601:
1598:
1595:
1593:Load balancer
1592:
1590:
1587:
1586:
1583:
1580:
1577:
1574:
1571:
1568:
1566:
1563:
1562:
1558:
1554:
1551:
1548:
1545:
1542:
1539:
1537:
1534:
1533:
1530:
1528:
1525:
1518:
1515:
1512:
1510:
1507:
1506:
1503:
1501:
1498:
1495:
1492:
1489:
1487:
1484:
1483:
1480:
1478:
1475:
1460:
1457:
1454:
1452:
1449:
1448:
1445:
1443:
1440:
1437:
1434:
1431:
1429:
1426:
1425:
1422:
1420:
1417:
1406:
1403:
1400:
1398:
1395:
1394:
1391:
1389:
1386:
1383:
1380:
1377:
1375:
1372:
1371:
1367:
1365:
1362:
1359:
1356:
1353:
1351:
1348:
1347:
1344:
1342:
1339:
1336:
1333:
1330:
1328:
1325:
1324:
1321:
1319:
1316:
1313:
1310:
1307:
1305:
1301:
1298:
1297:
1294:
1291:
1289:
1286:
1283:
1280:
1278:
1277:4th Dimension
1275:
1274:
1271:Since v5.6.3
1270:
1267:
1265:
1263:
1260:
1257:
1255:
1252:
1251:
1248:
1245:
1243:
1241:
1238:
1235:
1232:
1231:
1227:
1224:
1222:
1220:
1217:
1214:
1212:
1209:
1208:
1205:
1202:
1200:
1198:
1195:
1192:
1189:
1188:
1185:
1182:
1180:
1178:
1175:
1172:
1170:
1167:
1166:
1163:
1160:
1158:
1156:
1153:
1150:
1147:
1143:
1142:
1139:
1136:
1133:
1130:
1127:
1124:
1121:
1117:
1116:
1113:
1110:
1108:
1106:
1103:
1100:
1098:
1095:
1094:
1091:
1088:
1086:
1084:
1081:
1078:
1076:
1073:
1072:
1068:
1065:
1063:
1061:
1058:
1055:
1053:
1050:
1049:
1046:
1044:
1041:
1039:
1036:
1033:
1030:
1027:
1026:
1023:
1020:
1018:
1016:
1013:
1010:
1008:
1005:
1004:
1001:
998:
996:
994:
991:
988:
986:
983:
982:
979:
977:
974:
971:
968:
965:
963:
960:
959:
956:
954:
951:
948:
945:
942:
940:
937:
936:
933:
931:
928:
925:
922:
919:
917:
914:
913:
910:
907:
904:
901:
898:
895:
893:
890:
889:
886:
884:
881:
878:
874:
871:
868:
866:
865:Microsoft IIS
863:
862:
859:
857:
854:
851:
848:
845:
843:
840:
839:
836:
834:
832:
829:
826:
823:
821:
820:Apache Tomcat
818:
817:
814:
812:
810:
807:
804:
801:
799:
796:
795:
792:
790:
787:
784:
781:
778:
776:
773:
772:
769:
766:
764:
761:
758:
755:
753:
750:
749:
746:
743:
741:
739:
736:
733:
731:
728:
727:
724:
722:
719:
716:
713:
710:
708:
705:
704:
700:
696:
694:
692:
689:
686:
683:
681:
678:
677:
674:
671:
668:
665:
661:
658:
655:
652:
648:
645:
644:
641:
638:
636:
633:
631:
628:
626:
623:
622:
619:
617:
614:
611:
608:
606:Load balancer
605:
603:
600:
597:
596:
593:
591:
588:
585:
582:
580:Reverse Proxy
579:
577:
574:
571:
570:
567:
564:
562:
560:
558:
556:
554:
553:BlackBerry OS
551:
550:
547:
544:
541:
538:
535:
532:
530:
529:BlackBerry 10
527:
526:
522:
519:
516:
514:
511:
508:
506:
505:Google Chrome
503:
502:
499:
496:
494:
492:
488:
485:
482:
480:
477:
476:
473:
470:
467:
464:
461:
458:
456:
453:
452:
448:
444:
441:
438:
435:
432:
429:
427:
424:
423:
419:
416:
414:
411:
408:
405:
403:
400:
399:
396:
393:
390:
387:
383:
379:
376:
373:
371:
368:
367:
364:
362:
359:
356:
353:
351:
348:
345:
343:
340:
339:
335:
332:
329:
326:
323:
320:
317:
316:
306:
295:
291:
288:
278:
276:
272:
268:
264:
263:Google Chrome
260:
256:
255:eavesdropping
252:
249:requests for
248:
244:
239:
236:
234:
230:
225:
223:
219:
215:
210:
208:
203:
201:
197:
192:
189:
185:
183:
177:
175:
170:
166:
162:
153:
151:
145:
135:
132:
123:
121:
117:
116:Internet RFCs
113:
108:
105:
95:
91:
87:
85:
79:
70:
69:
65:
61:
57:
53:
49:
45:
41:
37:
33:
29:
25:
21:
3780:Secure Shell
3605:
3508:. Retrieved
3504:
3495:
3483:. Retrieved
3474:
3462:. Retrieved
3458:
3449:
3437:. Retrieved
3428:
3416:. Retrieved
3411:
3402:
3390:. Retrieved
3386:
3377:
3365:. Retrieved
3361:
3352:
3340:. Retrieved
3336:
3327:
3315:. Retrieved
3311:
3301:
3289:. Retrieved
3285:
3276:
3264:. Retrieved
3260:
3251:
3239:. Retrieved
3234:
3225:
3213:. Retrieved
3209:
3200:
3188:. Retrieved
3184:
3175:
3163:. Retrieved
3159:
3150:
3138:. Retrieved
3133:
3124:
3112:. Retrieved
3103:
3091:. Retrieved
3087:
3078:
3066:. Retrieved
3057:
3048:
3036:. Retrieved
3032:
3023:
3011:. Retrieved
3007:
2998:
2986:. Retrieved
2982:
2973:
2961:. Retrieved
2957:the original
2943:
2931:. Retrieved
2918:
2906:. Retrieved
2901:
2892:
2880:. Retrieved
2875:
2866:
2854:. Retrieved
2849:
2840:
2832:
2825:. Retrieved
2816:
2807:
2795:. Retrieved
2791:
2782:
2770:. Retrieved
2766:
2757:
2745:. Retrieved
2741:
2732:
2724:the original
2719:
2695:. Retrieved
2686:
2677:
2663:
2655:the original
2645:
2633:. Retrieved
2629:
2620:
2608:. Retrieved
2599:
2590:
2576:
2564:. Retrieved
2560:
2551:
2539:. Retrieved
2535:
2526:
2514:. Retrieved
2510:
2501:
2489:. Retrieved
2485:
2475:
2463:. Retrieved
2458:
2453:
2446:
2434:. Retrieved
2425:
2415:
2403:. Retrieved
2399:
2389:
2377:. Retrieved
2373:
2363:
2351:. Retrieved
2347:
2338:
2326:. Retrieved
2322:qna.habr.com
2321:
2312:
2300:. Retrieved
2296:
2286:
2274:. Retrieved
2263:
2251:. Retrieved
2240:
2232:
2225:. Retrieved
2221:
2211:
2199:. Retrieved
2195:
2186:
2178:
2171:. Retrieved
2167:
2157:
2146:
2137:
2125:. Retrieved
2121:
2111:
2099:. Retrieved
2095:
2085:
2073:. Retrieved
2069:
2059:
2048:
2024:. Retrieved
2020:
2011:
1999:. Retrieved
1995:
1985:
1973:. Retrieved
1970:The Register
1969:
1959:
1950:
1941:
1926:
1911:
1899:. Retrieved
1895:
1886:
1874:. Retrieved
1870:
1861:
1849:. Retrieved
1845:
1836:
1801:
1791:
1779:. Retrieved
1775:
1766:
1754:. Retrieved
1750:
1741:
1729:. Retrieved
1725:
1716:
1698:
1659:
1648:
1415:version 1.56
1233:SwiftNIO SSL
449:is enabled.
412:All versions
350:email client
313:ECH Support
292:
284:
240:
237:
226:
222:Roscomnadzor
211:
204:
193:
190:
186:
178:
164:
160:
159:
147:
133:
129:
119:
109:
103:
101:
92:
88:
83:
80:
76:
42:on the same
40:certificates
23:
19:
18:
4109:Web hosting
3926:Convergence
3580:TLS and SSL
3439:28 December
2635:20 February
2610:21 February
2566:25 November
2227:24 February
1851:18 February
1781:20 February
1555:Depends on
1409:Net::SSLeay
1148:server side
1122:client side
1042:Version 5.0
779:Web browser
756:Web browser
734:Web browser
701:by a flag.
684:Web browser
653:Web browser
629:Web browser
533:Web browser
509:Web browser
483:Web browser
430:Web browser
406:Web browser
374:Web browser
310:SNI Support
104:ClientHello
4088:Categories
4053:Heartbleed
3241:30 October
3114:18 October
3013:6 February
2963:9 November
2908:9 November
2630:edelweb.fr
2328:30 October
1975:10 October
1640:References
1627:2017-04-11
1618:Web server
1569:Web server
1540:Web server
1300:ColdFusion
989:Web server
943:Web server
939:HCL Domino
920:Web server
896:Web server
869:Web server
846:Web server
824:Web server
802:Web server
666:for phones
491:Windows XP
360:2019-02-18
214:Rostelecom
44:IP address
4048:goto fail
3860:MatrixSSL
3825:BoringSSL
3596:(TLS/SSL)
3528:RFC
3317:22 August
2882:5 January
2856:5 January
2747:4 October
2541:4 October
2516:4 October
2491:1 October
2276:1 October
2222:tlswg.org
2127:9 January
1683:2070-1721
1007:BoringSSL
962:HCL Notes
599:Barracuda
573:Barracuda
333:Supported
324:Supported
3984:Protocol
3914:Notaries
3890:SChannel
3865:mbed TLS
3855:LibreSSL
3840:cryptlib
3770:(DNSSEC)
3761:See also
3062:Archived
2821:Archived
2691:Archived
2465:2 August
2436:2 August
2430:Archived
2302:9 August
2201:9 August
1871:Engadget
1828:14963313
1565:lighttpd
1557:Mbed TLS
1536:Hiawatha
1521:net/http
1473:modules)
1144:Mozilla
1118:Mozilla
1097:Mbed TLS
1075:LibreSSL
318:Software
303:Support
259:Chromium
194:Another
48:TCP port
36:hostname
3905:wolfSSL
3900:stunnel
3885:s2n-tls
3875:OpenSSL
3790:History
3776:(IPsec)
3510:26 July
3485:13 June
3464:26 July
3418:26 July
3392:25 July
3367:25 July
3342:26 July
3165:26 July
3140:26 July
3068:18 July
2933:8 March
2827:25 July
2797:26 July
2772:26 July
2720:defo.ie
2697:25 July
2459:YouTube
2405:18 June
2379:18 June
2353:18 June
2253:25 July
2101:15 June
2096:curl.se
2075:15 June
2026:7 April
1708:GoDaddy
1613:OpenBSD
1589:HAProxy
1471:httplib
1258:Library
1254:wolfSSL
1236:Library
1215:Library
1193:Library
1190:Picotls
1173:Library
1169:OpenSSL
1151:Library
1125:Library
1101:Library
1079:Library
1056:Library
1034:Library
1011:Library
471:Partial
298:Support
287:OpenSSL
229:IETF117
184:(DoH).
169:TLS 1.3
167:) is a
56:service
4063:POODLE
4016:POODLE
4011:Logjam
3996:BREACH
3968:Cipher
3947:Theory
3895:SSLeay
3880:Rustls
3845:GnuTLS
3708:(OCSP)
3675:(ACME)
3643:(HPKP)
3637:(HSTS)
3620:(DANE)
3614:(ALPN)
3602:(DTLS)
3505:GitHub
3459:GitHub
3412:GitLab
3387:GitHub
3362:GitHub
3337:GitHub
3312:GitHub
3291:6 July
3286:GitHub
3266:6 July
3261:GitHub
3215:6 July
3190:6 July
3160:GitHub
3134:GitLab
3093:6 July
3038:6 July
3033:GitHub
2988:6 July
2792:GitHub
2767:GitHub
2687:Neowin
2604:Google
2348:Meduza
2196:GitHub
2173:13 May
2148:GitHub
2050:GitHub
2001:13 May
1896:Signal
1876:3 July
1826:
1816:
1756:3 July
1731:3 July
1681:
1467:urllib
1451:Python
1407:Since
1327:Erlang
1211:Rustls
1052:GnuTLS
479:Safari
336:Notes
273:, and
66:
32:client
4043:FREAK
4006:DROWN
4001:CRIME
3991:BEAST
3835:BSAFE
3830:Botan
3782:(SSH)
3743:(PKI)
3702:(CRL)
3630:HTTPS
3626:(CAA)
3608:(SNI)
2374:ZDNet
2297:ZDNet
1901:2 May
1824:S2CID
1615:httpd
1304:Lucee
1029:BSAFE
975:2023
916:Jetty
892:nginx
775:Dillo
382:Vista
330:Since
327:Notes
275:Opera
218:Tele2
52:HTTPS
3850:JSSE
3727:(EV)
3721:(DV)
3681:(CA)
3538:3546
3534:4366
3530:6066
3512:2023
3487:2021
3466:2023
3441:2020
3420:2023
3394:2023
3369:2023
3344:2023
3319:2024
3293:2023
3268:2023
3243:2012
3217:2023
3192:2023
3167:2023
3142:2023
3116:2022
3095:2023
3070:2023
3040:2023
3015:2024
2990:2023
2965:2017
2935:2011
2910:2017
2884:2021
2858:2021
2829:2023
2799:2023
2774:2023
2749:2023
2699:2023
2637:2019
2612:2024
2568:2023
2543:2023
2518:2023
2493:2023
2467:2023
2438:2023
2407:2021
2381:2021
2355:2021
2330:2020
2304:2020
2278:2023
2255:2023
2229:2021
2203:2020
2175:2019
2129:2021
2103:2020
2077:2020
2028:2022
2003:2019
1977:2018
1903:2018
1878:2024
1853:2019
1814:ISBN
1783:2019
1758:2024
1733:2024
1690:3546
1679:ISSN
1665:IETF
1602:2012
1578:2009
1549:2012
1526:2011
1509:Ruby
1499:2011
1469:and
1441:2014
1418:2012
1397:Perl
1387:2011
1374:Java
1363:2011
1340:2013
1317:2015
1134:2006
969:Yes
952:2020
929:2015
905:2007
882:2012
855:2009
788:2016
720:2012
707:wget
669:2011
589:2013
542:2013
517:2010
468:2008
455:cURL
439:2006
402:Edge
391:2006
347:IMAP
321:Type
233:IESG
174:CDNs
112:IETF
68:3546
46:and
3870:NSS
2953:IBM
2928:IBM
1806:doi
1687:RFC
1669:doi
1621:Yes
1596:Yes
1572:Yes
1543:Yes
1516:Yes
1493:Yes
1463:ssl
1458:Yes
1435:Yes
1428:PHP
1404:Yes
1381:Yes
1357:Yes
1334:Yes
1311:Yes
1268:Yes
1261:Yes
1239:Yes
1218:Yes
1203:Yes
1196:Yes
1176:Yes
1146:NSS
1137:Yes
1128:Yes
1120:NSS
1104:Yes
1082:Yes
1059:Yes
1037:Yes
1021:Yes
1014:Yes
999:Yes
992:Yes
985:H2O
946:Yes
923:Yes
899:Yes
872:Yes
849:Yes
827:Yes
805:Yes
782:Yes
714:Yes
699:DoH
687:Yes
656:Yes
609:Yes
602:ADC
583:Yes
576:WAF
536:Yes
520:Yes
512:Yes
486:Yes
462:Yes
447:DoH
442:Yes
433:Yes
417:Yes
409:Yes
377:Yes
354:Yes
247:DNS
165:ECH
114:'s
64:RFC
24:SNI
4090::
3503:.
3457:.
3410:.
3385:.
3360:.
3335:.
3310:.
3284:.
3259:.
3233:.
3208:.
3183:.
3158:.
3132:.
3086:.
3060:.
3056:.
3031:.
3006:.
2981:.
2951:.
2926:.
2900:.
2874:.
2848:.
2831:.
2819:.
2815:.
2790:.
2765:.
2740:.
2718:.
2707:^
2685:.
2628:.
2602:.
2598:.
2559:.
2534:.
2509:.
2484:.
2457:.
2428:.
2424:.
2398:.
2372:.
2346:.
2320:.
2295:.
2231:.
2220:.
2194:.
2177:.
2166:.
2145:.
2120:.
2094:.
2068:.
2047:.
2036:^
2019:.
1994:.
1968:.
1949:.
1894:.
1869:.
1844:.
1822:.
1812:.
1800:.
1774:.
1749:.
1724:.
1706:.
1685:.
1677:.
1663:.
1657:.
1630:No
1605:No
1581:No
1559:.
1552:No
1486:Qt
1465:,
1350:Go
1302:/
1292:No
1284:No
1246:No
1225:No
1183:No
1161:No
1154:No
1111:No
1089:No
1066:No
908:No
767:No
759:No
744:No
737:No
672:No
639:No
565:No
545:No
497:No
394:No
386:XP
269:,
265:,
3572:e
3565:t
3558:v
3540:)
3514:.
3489:.
3468:.
3443:.
3422:.
3396:.
3371:.
3346:.
3321:.
3295:.
3270:.
3245:.
3219:.
3194:.
3169:.
3144:.
3118:.
3097:.
3072:.
3042:.
3017:.
2992:.
2967:.
2937:.
2912:.
2886:.
2860:.
2801:.
2776:.
2751:.
2701:.
2671:.
2639:.
2614:.
2570:.
2545:.
2520:.
2495:.
2469:.
2440:.
2409:.
2383:.
2357:.
2332:.
2306:.
2280:.
2257:.
2205:.
2151:.
2131:.
2105:.
2079:.
2053:.
2030:.
2005:.
1979:.
1935:.
1905:.
1880:.
1855:.
1830:.
1808::
1785:.
1760:.
1735:.
1710:.
1692:.
1671::
1523:)
879:)
388:)
163:(
22:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.