Comment by dhaavi

4 years ago

CTO of Safing here.

We have SNI inspection in progress (currently on hold), but not yet live. Currently, we just match the IP address to all resolved IPs of all domains and pick the most recent one. (The Portmaster handles DNS via DNS-over-TLS.)

With TLS1.3, the SNI will be encrypted, so this information will be "gone" for us anyway.

0 comments

dhaavi

Reply