All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

RFC 9849: TLS Encrypted Client Hello Specification for Enhanced Privacy

By

P_qRs

2mo ago· 57 min readenNews
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Kettled twice. Extra chewy, extra trustworthy.

Score100TypenewsSentimentneutral

Summary

RFC 9849 defines a new mechanism for encrypting ClientHello messages in TLS (Transport Layer Security) under a server public key. This addresses privacy vulnerabilities in TLS 1.3 where plaintext Server Name Indication (SNI) extensions in ClientHello messages can leak private information about connections to on-path attackers. The document provides technical specifications for implementing encrypted ClientHello functionality to enhance privacy in TLS handshakes.

Key quotes

· 3 pulled
This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key.
Although TLS 1.3 [RFC8446] encrypts most of the handshake, including the server certificate, there are several ways in which an on-path attacker can learn private information about the connection.
The plaintext Server Name Indication (SNI) extension in ClientHello messages, which leaks private information about the connection.
Snippet from the RSS feed
This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key.

You might also wanna read

#NYTechWeek Panel: Addressing the Youth Cybersecurity Talent Gap

This article announces a panel event at #NYTechWeek focused on the cybersecurity talent gap among young people. Moderated by Girls Who Code

partiful.com·3h ago

Building a Vulnerable SSH Lab to Learn Real-World Attack Techniques

This article guides readers through setting up and using VulnSSH, a purposely insecure SSH environment inside a local pentest lab, to learn

infosecwriteups.com·1d ago

Higher Education Grapples with Cybersecurity Fallout After Canvas LMS Ransomware Attack

A ransomware attack on Instructure's Canvas LMS has sparked widespread concern in higher education about cybersecurity, data privacy, and th

er.educause.edu·2d ago

CoSN Report: Cybersecurity Tops EdTech Priorities, But Staffing and Budget Gaps Persist

CoSN's annual State of EdTech Leadership Report reveals cybersecurity as the top priority for K-12 education technology leaders. While most

cosn.org·4d ago

Shira: A Phishing Awareness Training Platform for Teams and Individuals

Shira is a cybersecurity training platform that helps organizations and individuals build skills to identify and defeat phishing attacks. It

shira.app·10d ago

Canvas parent company reaches deal with hackers to delete stolen student data

Instructure, the parent company of the Canvas online learning platform, reached an agreement with hackers to delete data stolen in a cyberat

nbcnews.com·17d ago