by jsmthrowaway
3167 days ago
In what sense? An attacker can already see the endpoints of a TLS conversation, and worrying about hostname disclosure is security through obscurity; the client already divulged the destination hostname with a probably-cleartext DNS query, too. Not worth worrying about. SNI is fine. If hostname disclosure is a security threat, the system needs rearchitecture. Systems that hostname their customers (mycompany.example.com) should use wildcards for that scenario instead of SNI, among other reasons. That’s the only possible concern I can imagine.
Multi-domain certs help, but then you need to encode all the names ahead of time, and if you miss a name you need to reissue and reapply the cert.
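The point made above, that SNI puts the destination hostname in the clear before any encryption starts, is easy to see at the byte level. The following is an added example, not code from the thread: it constructs a minimal TLS 1.2 ClientHello with a server_name extension (RFC 6066) and then parses it the way a TLS-terminating load balancer, a passive monitor or an IDS would, pulling the hostname out of the unencrypted first handshake message. The ClientHello bytes (fixed random, one cipher suite, placeholder hostname) are constructed for the demo and are not a capture; the parser returns None for anything that is not a well-formed ClientHello carrying SNI, so truncated or non-handshake records do not raise.

```python
import struct
from typing import Optional

SNI_EXTENSION_TYPE = 0x0000      # server_name extension (RFC 6066)
HANDSHAKE_CLIENT_HELLO = 0x01
RECORD_TYPE_HANDSHAKE = 0x16


def build_client_hello(hostname: str, include_sni: bool = True) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (constructed demo data,
    not a real capture). The random field and cipher list are placeholders."""
    name = hostname.encode("ascii")
    # ServerNameList entry: name_type 0 (host_name), 2-byte length, name bytes
    server_name = b"\x00" + struct.pack("!H", len(name)) + name
    server_name_list = struct.pack("!H", len(server_name)) + server_name
    extension = struct.pack("!HH", SNI_EXTENSION_TYPE, len(server_name_list)) + server_name_list
    extensions = struct.pack("!H", len(extension)) + extension if include_sni else b""

    body = (
        b"\x03\x03"                                # client_version: TLS 1.2
        + b"\x11" * 32                             # random (placeholder)
        + b"\x00"                                  # session_id length: 0
        + struct.pack("!H", 2) + b"\xc0\x2f"       # one cipher suite (ECDHE-RSA-AES128-GCM-SHA256)
        + b"\x01\x00"                              # compression_methods: null only
        + extensions                               # empty when include_sni is False
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name carried in a ClientHello record, or None.

    Nothing here is decrypted: in TLS 1.2 the whole ClientHello, including
    the server_name extension, is sent in plaintext."""
    try:
        if record[0] != RECORD_TYPE_HANDSHAKE:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != HANDSHAKE_CLIENT_HELLO:
            return None
        body_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + body_len]

        pos = 2 + 32                                   # skip client_version and random
        pos += 1 + body[pos]                           # session_id
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2 + cs_len                              # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        if pos + 2 > len(body):
            return None                                # no extensions block at all
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len

        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype != SNI_EXTENSION_TYPE:
                continue
            # ServerNameList: 2-byte list length, then (name_type, 2-byte len, name) entries
            lpos = 2
            while lpos + 3 <= len(edata):
                ntype = edata[lpos]
                nlen = struct.unpack("!H", edata[lpos + 1:lpos + 3])[0]
                nstart = lpos + 3
                if ntype == 0:                         # host_name
                    return edata[nstart:nstart + nlen].decode("ascii")
                lpos = nstart + nlen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                    # malformed or truncated record


if __name__ == "__main__":
    hello = build_client_hello("mycompany.example.com")   # placeholder hostname
    print("bytes on the wire before any key exchange:", len(hello))
    print("hostname visible to an on-path observer:", extract_sni(hello))
```

The parser is exactly the logic a front end uses to pick a certificate or route a connection by SNI, which is why the hostname cannot be hidden without changing the protocol itself; as the comment notes, a cleartext DNS lookup for the same name usually precedes the handshake anyway.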