In reply to Comment by Reader Jason Stangroome
Thanks, Jason!
SNI is not encrypted in TLS 1.3 and this code works with TLS 1.3.
There is ongoing work to add encrypted SNI to TLS <https://tools.ietf.org/html/draft-ietf-tls-esni-07>. The proposal explicitly supports SNI-based proxying. The proxy server would operate as the "provider", receive the encrypted Client Hello, decrypt it, and forward the connection along to the backend, without seeing the plaintext of the connection. This is the "split mode topology" shown on page 4.