TIL that HTTPS with Server Name Indicator leaks the domain you’re trying to reach in plaintext before the TLS handshake takes place. I always just assumed handshake was first, and the domain request was encrypted.

published


home / about / posts / notes / RSS