by Natsu 1771 days ago
> Somehow I’ve avoided gaining an understanding of the details of the SNI protocol

You put the requested hostname (e.g. example.com) into the Client Hello message in cleartext so that the server knows which SSL site to direct you to / which SSL cert to give you. And the server has a config that matches up server certs with hostnames (and a default server cert) to return.

That's it. It's why people want to encrypt the client hello message, because that leaks info.

https://en.wikipedia.org/wiki/Server_Name_Indication

1 comments

Awesome, thank you!