0

Assume there are two servers; server1.com has a standard SSL certificate installed and server2.com has a wildcard SSL certificate (*.server2.com) installed.

Next, assume you make from server 1 via SSL connection an API call to api2.server2.com...

If someone eavesdrops on the connection, which URL of server2 would the sniffer see?

Would the sniffer see server2.com or the subdomain that was called api2.server2.com?

user1402897
  • 103
  • 2
  • Besides of SSL handshakes the eavesdropper could also see some DNS requests, which might reveal the actual called URL. – Manuel Faux Nov 03 '13 at 15:12

1 Answers1

2

The Server Name Indication extension, now implemented by most SSL libraries, implies that a sniffer would see the name api2.server2.com as part of the unencrypted ClientHello message from server1.

As for the rest of the URL (the path on server2), it is sent only after the handshake, so it is not visible to sniffers (but sniffers may still obtain a good estimate of the path length, in characters).

Tom Leek
  • 168,808
  • 28
  • 337
  • 475