Actually most SSL based browsers will transmit the domain cleartext as part of SSL handshaking. This was added so virtual hosting webservers can all have independent certs on the same IP
See the following link for the specifics ... but needless to say its easy to block SSL access with a transparent proxy or layer 7 firewall. (which based on the error page looks like a Palo Alto device which definitely can do this...)
See the following link for the specifics ... but needless to say its easy to block SSL access with a transparent proxy or layer 7 firewall. (which based on the error page looks like a Palo Alto device which definitely can do this...)
https://idea.popcount.org/2012-06-16-dissecting-ssl-handshak...