Hacker News
by
cmircea
4712 days ago
They CANNOT use HTTP filtering as that would break on HTTPS.
2 comments
icebraining
4712 days ago
Nope, the domain is always visible on HTTPS, due to SNI. They can just block it.
mrweasel
4712 days ago
Older Win XP machines don't support SNI, so you could get around it with an older machine. Of course that's a problem that will go away over time.
icebraining
4712 days ago
To connect to an HTTPS site without SNI, the IP can only host a single domain, so they can just block the whole (IP:443) combination without affecting any other site.
cmircea
4712 days ago
What if the IP is dynamic? Say an Azure Cloud Service.
mpyne
4712 days ago
I think the problem is that you'd need a different X.509 certificate for TLS, for each and every single IP.
cmircea
4712 days ago
The certificate is issued for the domain, not the IP.
rmc
4712 days ago
I think Cleanfeed didn't block HTTPS. When have you ever heard of a public, governmental programme that didn't have a stupid flaw? :P