SSL_ERROR_MISSING_ESNI_EXTENSION in firefox with network.security.esni.enabled set to true

[bobjrsenior]

See edits: It's a periodic issue

This probably affects a very small number of people, so it's understandable if it isn't fixed.

That being said, when I have ESNI enabled, I'm starting to get SSL_ERROR_MISSING_ESNI_EXTENSION on the site when running Firefox 68.0.
I enabled ESNI probably a week ago I think, so I'm pretty sure the site has worked with it before now.

In order to enable ESNI in Firefox, you'll need to enable DNS over HTTPS and then set the network.security.esni.enabled about:config setting to true.
You can see a descryption of ESNI and how to enable it here: https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
You can also use this site to test if it's enabled https://www.cloudflare.com/ssl/encrypted-sni/
Make sure to clear your cache after enabling it or open mangadex in fresh private browsing window.

Edit: Nevermind, it's working again for some reason.
Edit 2: It happened roughly 8:00-8:13 PM EST as well, but not at 9:00 PM EST.
Edit 3: Encountered the issue today (2019-07-20) around 5 PM EST
2019-07-20 10:00 PM EST
2019-08-03 11:00 AM EST (I have DoH, DNSSec TLS1.3, and ESNI according to Cloudflare however I occasionally have to turn it off to get DNS working. This issue on mangadex was not one of those times)

 

[bobjrsenior]

I encountered the issue again today (see edit to the original post) so I'm guessing it's a periodic issue.
My random guess is that it may be due with a differing level of ddos protection which ends up using a different server (or something) that doesn't support it?
Either way, I don't think it was some random fluke since I've encountered it on different days now. I may keep logging when I encounter it as edits to the first post in case this is ever a bigger issue.

 

[Holo]

Maybe a cloudflare issue?

The webserver config has not been modified for months.

 

[bobjrsenior]

I only enabled esni around a week ago and it takes a couple non-default settings to use, so there is a small chance it's been like this for a while.
Definitely could be a cloudflare issue. For some reason, it generally only happens around the turn of an hour and not for that long.
It's infrequent enough that I can deal with it.

 

[ixlone]

I've had DoH / ENSI enabled for a while and I'm not getting that error, everything seems to be working fine on Firefox 68.0.1.

Do you also have DoH enabled, too? I also have CFs normal DNS set for both ipv4 and ipv6 in windows - not sure if that matters though.

 

[bobjrsenior]

Maybe it is just me then. I use CF's normal DNS for ipv4 and ipv6 in windows as well.
I'll see if I can enable DNSSEC to see if that does anything for me.
Thanks for looking into it everyone.