Page MenuHomePhabricator

Enable ESNI support on Wikimedia servers
Open, NormalPublic

Event Timeline

Shizhao created this task.Sep 25 2018, 8:17 AM
Restricted Application added a project: Traffic. · View Herald TranscriptSep 25 2018, 8:17 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript

I would think this needs to come from nginx upstream

@Shizhao: Is this a feature request? Currently it looks like a question, and questions can be asked on mailing lists, on IRC, or in forums.

MoritzMuehlenhoff triaged this task as Normal priority.Sep 28 2018, 9:21 AM
Krenair renamed this task from WMF servers support ESNI? to Enable ESNI support on Wikimedia servers.Sep 28 2018, 10:22 AM
Krenair added a project: Upstream.
Vgutierrez moved this task from Triage to TLS on the Traffic board.Sep 28 2018, 12:52 PM
JW added a subscriber: JW.Oct 1 2018, 7:26 AM

@Shizhao: Is this a feature request? Currently it looks like a question, and questions can be asked on mailing lists, on IRC, or in forums.

While phrased weirdly, I think we can assume he is asking us to support the experimental ESNI TLS extension (https://tools.ietf.org/html/draft-ietf-tls-esni-01).

The feature may have interesting implications related to state censorship of Wikipedia.

Liuxinyu970226 added a subscriber: jcrespo.EditedDec 6 2018, 6:40 AM

@Krenair @Bawolff @jcrespo Wondering if we can enable QUIC support on our server clusters instead? I've heard that the github Googlehosts is providing the QUIC access to Google HK.

@Krenair @Bawolff @jcrespo Wondering if we can enable QUIC support on our server clusters instead? I've heard that the github Googlehosts is providing the QUIC access to Google HK.

I'm not really familiar with the QUIC protocol/upcoming HTTP/3 stuff, but i think that's a rather separate request. I think that QUIC is still using TLS, so still uses normal SNI (or eventually ESNI)

revi added a subscriber: revi.Mar 14 2019, 4:15 PM
94rain added a subscriber: 94rain.Fri, Apr 12, 12:00 AM