<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<blockquote type="cite"
cite="mid:0405e887-8c33-3cf8-4630-c43f695fe473@treenet.co.nz">
<blockquote type="cite">I would have expected that the remote host
ip:port and sni would be logged
<br>
as well in the above mentioned line.
<br>
<br>
</blockquote>
<br>
SNI is one of the details TLS/1.3 encrypts now :(
<br>
</blockquote>
<br>
<pre class="newpage">To prevent misunderstandings, TLS 1.3 does not encrypt the SNI.
See <a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni">https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni</a> :
Although TLS 1.3 [<a href="https://datatracker.ietf.org/doc/html/rfc8446" title=""The Transport Layer Security (TLS) Protocol Version 1.3"">RFC8446</a>] encrypts most of the handshake, including
the server certificate, there are several ways in which an on-path
attacker can learn private information about the connection. The
plaintext Server Name Indication (SNI) extension in ClientHello
messages, which leaks the target domain for a given connection, is
perhaps the most sensitive, unencrypted information in TLS 1.3.
However, there is an optional TLS 1.3 extension that may encrypt the SNI and refers to it as ESNI.
Marcus</pre>
<br>
</body>
</html>