Sujet : Re: [LINK] Calling time on DNSSEC?
De : gtaylor (at) *nospam* tnetconsulting.net (Grant Taylor)
Groupes : comp.miscDate : 05. Dec 2024, 02:17:08
Autres entêtes
Organisation : TNet Consulting
Message-ID : <viquuk$l6k$1@tncsrv09.home.tnetconsulting.net>
References : 1 2 3 4 5 6 7 8 9 10
User-Agent : Mozilla Thunderbird
On 12/3/24 23:49, Lawrence D'Oliveiro wrote:
It can’t be.
Sure it can.
TLS cannot start encryption on HTTP until it gets a cert that identifies the server.
The TLS connection is fully established and fully encrypted *BEFORE* any HTTP is sent /through/ /the/ /inside/ /of/ /said/ /TLS/ connection.
That cert depends on the domain name.
No, not quite.
The domain name can be used to inform which cert the server should use, and that's EXACTLY what Server Name Indication (a.k.a. SNI) is. SNI is part of TLS.
Which comes from the “Host:” header line from the client.
Nope.
TLS can optionally send the domain name that it's going to connect to as part of the TLS session establishment using SNI.
After the TLS session is established, then the web client sends the Host: header.
Which is why that cannot be sent encrypted.
Do some reading on SNI, and then ESNI. The links that I shared previously have a decent write up.
Also, consider protocols that don't send a Host: header (as HTTP does) still using SNI to indicate which domain name is being connected to.
You can also take a look at TLS traffic inside of Wireshark and see that the destination name is sent very early in the connection as part of SNI.
If you have your client (Firefox) save the ephemeral keys, you can decrypt the TLS session and see that the Host: header comes much later, /AFTER/ the TLS connection is fully established.
-- Grant. . . .