Post AQuMfr648iYl2eNkX2 by deafferret@octodon.social
 (DIR) More posts by deafferret@octodon.social
 (DIR) Post #AQuLhy2TCUU3CH8wvw by deafferret@octodon.social
       2022-12-23T19:21:10Z
       
       0 likes, 0 repeats
       
       @frostwolf @prehensile oh is that true? SSL fails to mask hostname, but DOES mask URL?
       
 (DIR) Post #AQuLhybD7KGyw1Oh5E by swaggboi@fedi.seriousbusiness.international
       2022-12-23T19:24:27.400601Z
       
       0 likes, 0 repeats
       
       @deafferret @frostwolf @prehensile Yes that is correct. I have to explain to customers that if we proxy their HTTPS traffic, we can’t break and inspect it unless we terminate TLS there and one of the popular things people want to do is block certain paths (usually NSFW subreddits or what not)
       
 (DIR) Post #AQuMWEWKCFpynD4n4q by swaggboi@fedi.seriousbusiness.international
       2022-12-23T19:33:33.513642Z
       
       0 likes, 0 repeats
       
       @frostwolf @deafferret @prehensile Also prior to SNI you wouldn’t even see the hostname, just the IPs but something something scaling and they made SNI a thing and now it appears to be even enforced by many platforms I’ve used
       
 (DIR) Post #AQuMfr648iYl2eNkX2 by deafferret@octodon.social
       2022-12-23T19:32:45Z
       
       0 likes, 0 repeats
       
       @frostwolf @swaggboi @prehensile  Well shit, thank you for educating me. Clearly I need to install an SSL certificate so my legions of users have plausible deniability between jays.net/genealogy and jays.net/WireFraud ;)
       
 (DIR) Post #AQuMftkYHA8JGnL6um by swaggboi@fedi.seriousbusiness.international
       2022-12-23T19:35:17.507485Z
       
       0 likes, 0 repeats
       
       @deafferret @frostwolf @prehensile Honestly I agree with the premise of what you were saying. My personal homepage does not need SSL. I’m just here to talk shop 🍻