I would have expected that the remote host
ip:port and sni would be logged
as well in the above mentioned line.
SNI is one of the details TLS/1.3 encrypts now :(
To prevent misunderstandings, TLS 1.3 does not encrypt the SNI.
See https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni :
Although TLS 1.3 [RFC8446] encrypts most of the handshake, including
the server certificate, there are several ways in which an on-path
attacker can learn private information about the connection. The
plaintext Server Name Indication (SNI) extension in ClientHello
messages, which leaks the target domain for a given connection, is
perhaps the most sensitive, unencrypted information in TLS 1.3.
However, there is an optional TLS 1.3 extension that may encrypt the SNI and refers to it as ESNI.
Marcus
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users