*   But, if I have Cloudflare (or any CDN) configured for a domain, and the 
origin is only available via IPv6, the need for a disambiguating SNI in the 
ClientHello from CDN to Origin is not clear.

That assumes that there is a one-to-one correspondence between an origin and 
its certificate, which isn’t true.  I might have “api.example.com” and 
“new-api.example.com” at the same IP address.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
