Forum Discussion
You can now Enable Encrypted Client Hello (Encrypted SNI or ESNI/ECH) in Microsoft Edge
Hello,
I tried what you said with Edge 110.0.1587.56. Cloudflare shows working at https://www.cloudflare.com/ssl/encrypted-sni/ but not https://defo.ie/ech-check.php
I did the following:
1) Enable "Use DNS https alpn" at edge://flags/#use-dns-https-svcb-alpn
(I don't see edge://flags/#dns-https-svcb )
2) Edit Edge shortcut to include --enable-features=EncryptedClientHello
3) Kill all Edge processes with "taskkill /im msedge.exe /f"
4) Open Edge and go to both sites to see if ESNI works
It shows that ESNI is working on Cloudflare site but not defo.ie. Any thoughts if the defo.ie site may be not working or something my side/ISP? My main DNS servers on my Asus router are 1.1.1.1 and 9.9.9.9 with IPv6 equivalent and utilize DoT.
I seem to get mixed results with Secure DNS and Secure SNI when I refresh and do Check My Browser or kill msedge and try again. Secure SNI will show not working at first and Secure DNS working. When I refresh, Secure DNS will show not working but Secure SNI working. Both DNS providers support DNSSEC. Two things here Secure DNS and Secure SNI but hoping to use two DNS providers and if 9.9.9.9 doesn't support Secure SNI, is there an alternative I can try?
Thanks,
Jason
I just tried this again in Edge Version 114.0.1823.58 (Official build) (64-bit) and it's working
Use the same procedure I explained in my post, it should work, just make sure Startup boost isn't on so that when you change the command line flags it will take effect immediately.
Cloudflare's website is also updated to support ECH and it detects it too.
Here i checked it with Wireshark too for this site: https://defo.ie/ech-check.php
