All news with #tls inspection tag

AWS Network Firewall: SNI Session Holding for TLS Guide

🔒 AWS Network Firewall now offers SNI session holding to strengthen TLS inspection by validating the TLS SNI before initiating an outbound TCP connection. When enabled, the firewall holds TCP/TLS establishment until it receives the ClientHello SNI and evaluates it against Suricata-based TLS inspection rules, preventing any contact with disallowed endpoints. Administrators can enable this option in a TLS inspection configuration via the AWS Management Console, AWS CLI, or AWS SDK; it’s available in Regions including GovCloud and China and is billed as part of TLS advanced inspection.