The Added Value of SNI-Only Mode in Imperva Cloud WAF
Description

Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication (SNI)-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for the future roadmap. This blog post will show why SNI-only mode is not just beneficial, but crucial, for harnessing the full potential of these features, along with sharing key insights from our comprehensive research on SNI traffic.

Understanding the Role of SNI

SNI is an extension of the TLS protocol within HTTPS. It empowers the client to specify the desired hostname during the TLS handshake, enabling servers to differentiate between multiple domains sharing the same IP address. SNI became an important foundation for modern web security, especially in the context of hosting services, load balancers, and CDN architectures. When the server gets the hostname from the client in the SNI extension, it can customize the TLS handshake to the needs of this hostname. For example, it can provide the right certificate, negotiate the cipher suite according to the cipher selection template, and use mTLS if configured to do so.

SNI-Only Mode in the Context of Imperva Cloud WAF

When using Imperva Cloud WAF to safeguard your website, the platform assumes the role of the server for end-user interactions, culminating in the termination of HTTPS/TLS connections. Each website within Cloud WAF is configured as a discrete "web site"…
