- Aug 17, 2014
If you have upgraded your stable version of the Firefox web browser to version 85.0, released in January, you may have noticed that it no longer supports ESNI.
Problem: ECH needs servers
While Firefox does support ECH, that is only one side of the coin: servers must support it as well for the feature to work. Cloudflare's test reveals that the SNI is currently not encrypted even while the feature is enabled in Firefox, which indicates that the default provider, Cloudflare, has not enabled it yet.
Firefox users who used the feature prior to version 85.0 Stable found themselves in a precarious situation: Mozilla removed the feature from the browser, but there was no option to use ECH yet; this in turn meant that privacy could be impacted. Users reported the issue on Mozilla's bug tracking site, some stating that the dropped support would allow censorship mechanisms to work again. All these reports appear to have received the "won't fix" status.
Mozilla suggests that users use Firefox ESR for the time being, as support for ESNI is still available in that browser. It is an option, but users would have to be aware of the change first to make the switch.
It is unclear why Mozilla removed support for ESNI early. It would have been better from a user point of view if Mozilla had waited until servers that support ECH were available; Cloudflare, being the default provider in Firefox, would be a prime choice for that.
Firefox users who require it may switch to ESR for the time being. ECH looks more promising than ESNI, but Mozilla's timing could have been better.