Destination domain extraction for secure protocols

What is claimed is: 1 . (canceled) 2 . A system, comprising: a processor configured to: monitor network communications between a client and a remote server; determine if the client sends a request to create a secure connection with the remote server; extract a destination domain from the request to create the secure connection with the remote server; and extract a commonName identified in a public certificate sent from the remote server to the client; and a memory coupled to the processor and configured to provide the processor with instructions. 3 . The system recited in claim 2 , wherein the destination domain is extracted from a server name indication (SNI) of a client hello message sent from the client to the remote server. 4 . The system recited in claim 2 , wherein a secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and wherein the destination domain is extracted from a server name indication (SNI) of a client hello message sent from the client to the remote server. 5 . The system recited in claim 2 , wherein a secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, wherein the destination domain is extracted from a server name indication (SNI) of a client hello message sent from the client to the remote server, and wherein the client hello message is an unencrypted communication. 6 . The system recited in claim 2 , wherein the processor is further configured to: determine whether the destination domain extracted from a server name indication (SNI) of a client hello message sent from the client to the remote server matches the commonName identified in the public certificate sent from the remote server to the client. 7 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: apply a security policy based on the destination domain to filter traffic at the security device. 8 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a malware detection policy. 9 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a uniform resource locator (URL)/category filtering related policy. 10 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a whitelist/blacklist policy. 11 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a whitelist/blacklist policy, and wherein a session associated with the network communications between the client and the remote server are not decrypted if the destination domain is included in a whitelist of the whitelist/blacklist policy. 12 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a whitelist/blacklist policy, and wherein a session associated with the network communications between the client and the remote server are decrypted if the destination domain is included in a blacklist of the whitelist/blacklist policy. 13 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: apply a security policy based on the destination domain to filter traffic at the security device, wherein a session associated with the network communications between the client and the remote server are decrypted to verify that the destination domain extracted from a server name indication (SNI) matches a domain associated with a uniform resource locator (URL) for the session associated with the network communications between the client and the remote server. 14 . The system recited in claim 2 , wherein the processor is further configured to: decrypt a monitored encrypted network communications of a session associated with the network communications between the client and the remote server to verify that the destination domain extracted from a server name indication (SNI) matches a domain associated with a uniform resource locator (URL) for the session associated with the network communications between the client and the remote server. 15 . The system recited in claim 2 , wherein the system includes a security device, and wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the remote server; send a request to establish the encrypted session on behalf of the client to the remote server; send an encrypted session response to the client on behalf of the remote server using a session key associated with the security device; decrypt encrypted traffic between the client and the remote server to monitor for a request from the client to create a tunnel using a first protocol with the remote server; allow the request to create the tunnel; monitor decrypted session traffic between the client and the remote server over the tunnel based on one or more firewall policies; and block the session traffic using the security device if a violation of a first firewall policy is determined, wherein the first firewall policy includes a policy for verifying that the destination domain extracted from a server name indication (SNI) matches a domain associated with a uniform resource locator (URL) for a session associated with the network communications between the client and the remote server. 16 . A method, comprising: monitoring network communications between a client and a remote server using a security device; determining if the client sends a request to create a secure connection with the remote server; extracting a destination domain from the request to create the secure connection with the remote server; and extracting a commonName identified in a public certificate sent from the remote server to the client. 17 . The method of claim 16 , wherein a secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and wherein the destination domain is extracted from a server name indication (SNI) of a client hello message sent from the client to the remote server. 18 . The method of claim 16 , further comprising: applying a security policy based on the destination domain to filter traffic at the security device. 19 . A computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for: monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server; extracting a destination domain from the request to create the secure co