US 11,722,463 B2
Managing encrypted server-name-indication (ESNI) at proxy devices
Jianxin Wang, Saratoga, CA (US); and Hari Shankar, San Jose, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jun. 6, 2022, as Appl. No. 17/833,458.
Application 17/833,458 is a continuation of application No. 16/742,716, filed on Jan. 14, 2020, granted, now 11,356,423.
Prior Publication US 2022/0303251 A1, Sep. 22, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01)
CPC H04L 63/0428 (2013.01) [H04L 9/0891 (2013.01); H04L 63/0281 (2013.01); H04L 63/0464 (2013.01)]
17 Claims
 
1. A network security device configured to monitor data traffic between a first device and a second device, the network security device comprising:
one or more processors; and
one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform acts comprising:
sending first key information associated with the network security device to a domain name server configured to store the first key information in association with multiple domain names including a domain name associated with the second device, wherein the domain name server is configured to provide the first key information to the first device at least partly in response to the first device sending a request for an address associated with the second device; and
intercepting a first initial message of a first encrypted handshaking procedure for a first secure communication session between the first device and the second device, the first initial message specifying a hostname that has been encrypted using the first key information.