Firefox 118 boosts security with Encrypted Client Hello support

By admin

Mozilla
ORG

released

Firefox 118
LAW

Stable in

late September 2023
DATE

to the public. It was a major release, as it introduced the long awaited native translate feature in the browser.

ADVERTISEMENT

Privacy friendly translations of websites was not the only privacy feature that

Mozilla
ORG

integrated into the browser. Firefox

118
CARDINAL

Stable is also supporting

Encrypted Client Hello
PERSON

, which many may see as even more important. The main purpose of the security feature is to protect data from network spies. A spy can be

the Internet Service Provider
ORG

or anyone listening in on the traffic in the network.

Here is an example to better illustrate the feature. A regular connection to a website uses HTTPS usually. This means that traffic data is encrypted and therefore protected against traffic monitoring. The address of the website, say ghacks.net, is not encrypted, however. This means that it will leak when someone monitors traffic.

Encrypted Client Hello
PERSON

resolves this by encrypting the address of the site as well, so that the visited sites are no longer revealed.


Encrypted Client Hello
PERSON

relies on

the Domain Name System
ORG

, and here in particular on

DNS
ORG

over HTTPS.

DNS
ORG

over HTTPS encrypts domain lookups and is used to fetch a key from the web server that

Encrypted Client Hello
PERSON

uses to encrypt all traffic to the server and site in question.

Firefox users need to make sure that

DNS
ORG

over

HTTPS
ORG

is used in the browser to utilize Encrypted Client Hello. This is done in the following way:

Load about:preferences#privacy in the

Firefox
ORG

address bar to open the Privacy and Security settings. Scroll all the way down to the

DNS
ORG

over HTTPS section on the page. Firefox controls

DNS
ORG

over HTTPS by default. You may want to switch to Increased or

Max Protection
ORG

instead, as it ensures that the feature is used all the time. The difference between Increased and

Max
PERSON

protection is that Increased includes a fallback to regular

DNS
ORG

whereas

Max
PERSON

protection will not load sites if secure

DNS
ORG

is not available. Select

one
CARDINAL

of the available providers or add a custom provider to

Firefox
ORG

so that it is used.

With

DNS
ORG

over HTTPS enabled,

Firefox
ORG

will use Encrypted Client Hello automatically, provided that the web server of the site supports it. Users who want to know for sure can check out these

two
CARDINAL

test sites to find out.


Mozilla
ORG

announced support for

Encrypted Client Hello
ORG

on the official blog. A support page on the

Mozilla
ORG

website provides additional information and resource links.


Chromium
ORG

-based web browsers support

Encrypted Client Hello
PERSON

as well. The most recent version of

Google Chrome
ORG

, version

117
CARDINAL

, supports the feature.

Now You: what is your take on this privacy feature?

Summary Article Name Firefox

118
CARDINAL

boosts security with

Encrypted Client Hello
ORG

support

Description Mozilla
ORG

has implemented Encrypted Client Hello support in

Firefox 118
LAW

Stable, which improves privacy significantly. Author

Martin Brinkmann
PERSON

Publisher Ghacks Technology News Logo

Advertisement