You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Zoraxy currently lacks the ability to restrict TLS versions per proxy route, making it impossible to disable TLS 1.3 and prevent Encrypted Client Hello (ECH) negotiation, which breaks SNI-based routing and auditability.
Please introduce per-route and global configuration options to explicitly set MinTLSVersion and MaxTLSVersion, allowing users to cap TLS at 1.2. This would restore SNI visibility and prevent Encrypted Client Hello (ECH) negotiation, which currently breaks proxy routing and auditability in self-hosted environments.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Zoraxy currently lacks the ability to restrict TLS versions per proxy route, making it impossible to disable TLS 1.3 and prevent Encrypted Client Hello (ECH) negotiation, which breaks SNI-based routing and auditability.
Please introduce per-route and global configuration options to explicitly set MinTLSVersion and MaxTLSVersion, allowing users to cap TLS at 1.2. This would restore SNI visibility and prevent Encrypted Client Hello (ECH) negotiation, which currently breaks proxy routing and auditability in self-hosted environments.
Beta Was this translation helpful? Give feedback.
All reactions