I would have expected that the remote host ip:port and sni would be logged
as well in the above mentioned line.
SNI is one of the details TLS/1.3 encrypts now :(
To prevent misunderstandings, TLS 1.3 does not encrypt the SNI.
See https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni
On 26/01/22 06:12, Eliezer Croitoru wrote:
Hey,
I have recently seen more then one site that doesn't provide the full CA
bundle chain.
An example:
https://www.ssllabs.com/ssltest/analyze.html?d=www.cloudschool.org
https://www.ssllabs.com/ssltest/analyze.html?d= certificatechain.io
I wanted to
Hey,
I have recently seen more then one site that doesn't provide the full CA
bundle chain.
An example:
https://www.ssllabs.com/ssltest/analyze.html?d=www.cloudschool.org
https://www.ssllabs.com/ssltest/analyze.html?d= certificatechain.io
I wanted to somehow get this issue logged properly.