sni0
sni0.com

What is sni0?

sni0 [pronounced S-N-I-zero] is a high-performance privacy proxy and cryptographic engine designed to address the visibility of Server Name Indication (SNI) in the TLS handshake. It provides advanced Encrypted Client Hello (ECH) support, Anycast network routing, and massive throughput scalability for privacy-conscious infrastructures.

Latest News

14 Jan 2026 sni0-1.25.4 mainline version has been released.
02 Dec 2025 Security advisory: ECH padding vulnerability fixed in 1.25.3.
15 Nov 2025 sni0-1.24.0 stable version has been released.

Core Features

ECH Acceleration Native support for Encrypted Client Hello with zero latency penalty. STABLE
TLS 1.3 Hardening Strict compliance with RFC 8446, disabling legacy insecure suites. STABLE
Dynamic Anycast Automatic BGP route optimization for edge nodes. NEW
Post-Quantum KEM Experimental support for Kyber hybrid key exchange. BETA
Lua Scripting Extendable request handling using embedded LuaJIT. STABLE

Example Configuration

sni0 {
    worker_processes  auto;

    security {
        ech_mode on;
        ech_config_path /etc/sni0/ech.config;
        tls_protocols TLSv1.3;
    }

    upstream edge_nodes {
        anycast_group global_cluster;
        keepalive 64;
    }

    server {
        listen 443 ssl http2;
        server_name sni0.com;

        location / {
            proxy_pass http://edge_nodes;
            privacy_headers on;
        }
    }
}