I would have expected that the remote host ip:port and sni would be logged
as well in the above mentioned line.
SNI is one of the details TLS/1.3 encrypts now :(
To prevent misunderstandings, TLS 1.3 does not encrypt the SNI. See https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni : Although TLS 1.3 [RFC8446] encrypts most of the handshake, including the server certificate, there are several ways in which an on-path attacker can learn private information about the connection. The plaintext Server Name Indication (SNI) extension in ClientHello messages, which leaks the target domain for a given connection, is perhaps the most sensitive, unencrypted information in TLS 1.3. However, there is an optional TLS 1.3 extension that may encrypt the SNI and refers to it as ESNI. Marcus
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
