Skip to content

Add SNI Check documentation for English and Portuguese versions#2270

Open
GabrielAzion wants to merge 1 commit into
mainfrom
EDU-6651-sni-check
Open

Add SNI Check documentation for English and Portuguese versions#2270
GabrielAzion wants to merge 1 commit into
mainfrom
EDU-6651-sni-check

Conversation

@GabrielAzion

@GabrielAzion GabrielAzion commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Related issue: EDU-6651

The SNI Check reference documentation has been created.

What was done

New file created — all confidential client data from the draft (Analise SNI Check.md) was excluded. The public documentation covers:

  1. What is SNI — concise explanation of the TLS extension and its relationship to workloads and Certificate Manager.

  2. Request routing decision algorithm — the full decision tree rendered as a fenced code block, followed by a reference table explaining each step in plain technical language. The final X509_check_host enforcement step is called out explicitly, including the note that case-insensitive comparison prevents false positives.

  3. How to identify if your application is affected — instructs users to monitor for 421 Misdirected Request responses, describes the common connection-reuse scenarios that trigger it, and points to Real-Time Events for investigation.

  4. How to fix SNI mismatches — actionable guidance: review Certificate Manager entries, use wildcard or multi-SAN certificates, and correlate 421 events with the host/ssl_server_name fields.

  5. Why this enforcement matters — explains the SNI Spoofing threat model and why strict validation is the correct security posture.

Standards applied

  • Frontmatter matches the pattern used in origin-shield.mdx (title, description, meta_tags, namespace, permalink).
  • Nomenclature updated: Digital CertificatesCertificate Manager; Edge FirewallFirewall; Azion Edge PlatformAzion Web Platform.
  • No confidential data — all specific customer domain names, IP addresses, and internal log samples from the draft were omitted.
  • Brand voice — technical and direct, outcome-focused, no forbidden expressions.

@GabrielAzion
GabrielAzion requested a review from a team as a code owner July 15, 2026 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant