Y
Hacker News
new
|
ask
|
show
|
jobs
by
icebraining
4708 days ago
To connect to an HTTPS site without SNI, the IP can only host a single domain, so they can just block the whole (IP:443) combination without affecting any other site.
1 comments
cmircea
4708 days ago
What if the IP is dynamic? Say an Azure Cloud Service.
link
mpyne
4708 days ago
I think the problem is that you'd need a different X.509 certificate for TLS, for each and every single IP.
link
cmircea
4708 days ago
The certificate is issued for the domain, not the IP.
link