> Well, the current conflict is with Amazon; your CDN might or might not object to domain fronting.
Yeah, understood, I meant CloudFront specifically.
> I don't think their infrastructure can actually block it
If I terminate TLS at CloudFront they can certainly compare SNI with the Host header and block on any mismatches. This is silly of course, since there are legit reasons to do this.
Yeah, understood, I meant CloudFront specifically.
> I don't think their infrastructure can actually block it
If I terminate TLS at CloudFront they can certainly compare SNI with the Host header and block on any mismatches. This is silly of course, since there are legit reasons to do this.
You answered my question though. Thanks!