
In a TLS 1.2 / HTTP(S) context, the plaintext target hostname could potentially leak in 3 different ways:

  • In the DNS query prior to the TCP/TLS/HTTP connection.
  • In the TLS handshake, in the SNI extension of the ClientHello message.
  • In the HTTP Host header.

DNS leakage can be prevented by using e.g. DoH/DoT. HTTP Host header leakage is prevented through TLS encryption. This leaves us with SNI leakage to address.

Which proxy types prevent leaking plaintext SNI and how?

Please note I'm asking explicitly about proxies, not ESNI, domain fronting or other similar means.

automatictester
  • 652
  • 3
  • 11

1 Answer

3

Ultimately, it doesn't matter if you assume the attacker can listen to data after the proxy. The proxy will have to send an SNI to the server, which, barring ESNI as you do, has to be in clear text.

If you want to use unencrypted SNI, then the SNI will be sent to the web server in clear text! There's no way around this. You may encrypt it inside another layer along parts of the path, but the web server needs the unencrypted SNI.

If the attacker can listen to traffic before and after proxy this should be a rather trivial correlation to make.

If, however, the attacker is in the local network of the client, all that matters is to set up an encrypted tunnel to outside the local network. This can be HTTPS, ssh, IPSec or any other tunneling technology.

vidarlo
  • 12,850
  • 2
  • 35
  • 47