|
|
|
|
|
|
by dave_universetf
1173 days ago
|
|
|
The funnel relays do SNI-based routing to the target machine in your tailnet, and that machine does the TLS termination. We use the initial TLS handshake to route the connection, but after that it's just opaque bytes to us. You can verify this in the client's source code, and use CT logs to see that there are no additional issued TLS certs beyond the one your end-machine created. |
|
|