Since the ClientHello is sent in the clear, a MITM can simply reset the connection until the client retries with SNI. Again, there is no generally useful way to solve this
"... a MITM can simply reset the connection until the client retries with SNI."
That doesn't happen when I fetch https://example.com without sending a servername in ClientHello.
For the majority of TLS-enabled websites on the internet, that does not happen. I get the page content just fine without sending a servername in ClientHello.
But I should send the servername in ClientHello anyway?
This reasoning I am too stupid to understand.