From: gtaylor@tnetconsulting.net   
      
   On 12/3/24 23:49, Lawrence D'Oliveiro wrote:   
   > It can’t be.   
      
   Sure it can.   
      
   > TLS cannot start encryption on HTTP until it gets a cert that   
   > identifies the server.   
      
   The TLS connection is fully established and fully encrypted *BEFORE* any   
   HTTP is sent /through/ /the/ /inside/ /of/ /said/ /TLS/ connection.   
      
   > That cert depends on the domain name.   
      
   No, not quite.   
      
   The domain name can be used to inform which cert the server should use,   
   and that's EXACTLY what Server Name Indication (a.k.a. SNI) is.  SNI is   
   part of TLS.   
      
   > Which comes from the “Host:” header line from the client.   
      
   Nope.   
      
   TLS can optionally send the domain name that it's going to connect to as   
   part of the TLS session establishment using SNI.   
      
   After the TLS session is established, then the web client sends the   
   Host: header.   
      
   > Which is why that cannot be sent encrypted.   
      
   Do some reading on SNI, and then ESNI.  The links that I shared   
   previously have a decent write up.   
      
   Also, consider protocols that don't send a Host: header (as HTTP does)   
   still using SNI to indicate which domain name is being connected to.   
      
   You can also take a look at TLS traffic inside of Wireshark and see that   
   the destination name is sent very early in the connection as part of SNI.   
      
   If you have your client (Firefox) save the ephemeral keys, you can   
   decrypt the TLS session and see that the Host: header comes much later,   
   /AFTER/ the TLS connection is fully established.   
      
      
      
   --   
   Grant. . . .   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)