>Isn't that more complicated than sending the SNI in the second client message, >though?
The server needs to know which cert to use after it receives the *first* client message. * If the CDN ---> Origin traffic is IPv6, there's no need to serve multiple certs from one IP address. Customers don’t want to be limited to that, for reasons I’ve tried to explain before.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
