Alert rules still triggering after pass/reject rules

Not sure, but SNI is an optional field, so it might be that some sessions don’t have it. I suppose session resumption could be at play. Do you have access to the TLS eve record type in AWS?
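One way to check this against exported logs, as an added example that is not part of the original post: it counts TLS records with and without SNI and lists flows that have both a no-SNI TLS record and an alert. It assumes Suricata-style eve JSON lines with `event_type`, `flow_id`, `tls.sni` and `tls.session_resumed` (logged only when that field is enabled); the sample records and the `summarize` helper are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample eve lines (illustrative, not taken from the thread).
SAMPLE_EVE = [
    '{"event_type":"tls","flow_id":1,"dest_port":443,"tls":{"sni":"example.com","version":"TLS 1.2"}}',
    '{"event_type":"tls","flow_id":2,"dest_port":443,"tls":{"version":"TLS 1.2","session_resumed":true}}',
    '{"event_type":"tls","flow_id":3,"dest_port":443,"tls":{"version":"TLS 1.3"}}',
    '{"event_type":"alert","flow_id":3,"dest_port":443,"alert":{"signature_id":1000001}}',
    '{"event_type":"tls","flow_id":4,"dest_port":443,"tls":{"sni":"","session_resumed":true}}',
    'truncated {"event_type":',
]

def summarize(lines):
    """Return (counts, alerted_flows_without_sni) for eve JSON lines.

    counts keys: sni_present, no_sni_resumed, no_sni_not_resumed, unparseable.
    """
    counts = Counter()
    no_sni_flows, alerted_flows = set(), set()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            counts["unparseable"] += 1  # keep going on damaged log lines
            continue
        if not isinstance(rec, dict):
            continue
        etype = rec.get("event_type")
        if etype == "alert":
            alerted_flows.add(rec.get("flow_id"))
        elif etype == "tls":
            tls = rec.get("tls") or {}
            if tls.get("sni"):  # a missing or empty SNI both count as "no SNI"
                counts["sni_present"] += 1
                continue
            resumed = tls.get("session_resumed") is True
            counts["no_sni_resumed" if resumed else "no_sni_not_resumed"] += 1
            no_sni_flows.add(rec.get("flow_id"))
    # Flows where an alert fired and the TLS record carried no SNI to match on.
    return counts, sorted(no_sni_flows & alerted_flows)

if __name__ == "__main__":
    counts, flows = summarize(SAMPLE_EVE)
    print(dict(counts))
    print("alerted flows without SNI:", flows)
```
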