|
|
|
|
|
|
by caf
2971 days ago
|
|
|
The conceit here is that you must be "authorized" in order to write an app that puts the domain in question into the SNI field of a TLS connection that it initiates. I don't think that's reasonable. It is of course up to Amazon what their servers then do when presented with such a connection, in particular whether they ensure the Host: header later presented matches the SNI data. |
|
|