Thus said Dan Egli on Sat, 04 Jul 2015 03:15:50 -0700:

> Okay, I've been watching this thread, and most of it I understand. But
> I have to admit I've never heard of HAProxy, sslh, SNI, or a Reverse
> VPN. Would someone care to illuminate me on these, please? I thought
> I'd heard of most Linux related ideas, but these are totally new to
> me.

SNI exchanges a tiny bit of privacy for the convenience of having a web hosting provider be able to support multiple SSL certificates on the same IP/PORT combination. Basically, the client, when establishing the connection to a web server, will send the hostname to which it is connecting in the clear. Prior to SNI, the only place the hostname was visible during HTTPS was during the Host: verb, but that was protected via SSL. Of course, there are also other pieces of information that were available that diminished the privacy in similar fashion (e.g. DNS, the IP of the host itself, etc.).

Andy
-- 
TAI64 timestamp: 400000005598088d

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
