3

When I use TwiML to send commands, Twilio API (TwilioProxy/1.1) makes requests to my Apache server on HTTPS without SNI support.

I need to block non-SNI clients (SSLStrictSNIVHostCheck On) on my server because I use multiple SSL certificates with multiple domains and they all use Twilio.

Is it possible to use a different API that has SNI support or a workaround that would make that work with SNI ?

Erico
  • 1,401
  • 9
  • 18

2 Answers2

2

I've just had a similar problem. Twilio was working fine with SNI (CloudFlare free Universal SSL) up to end April 2015, but suddenly stopped working.

Twilio support says that the TwilioProxy doesn't yet support SNI. This surprises me since it was working with SNI until recently. They say SNI support is on the backlog and they 'hope to support it in the future'.

A workaround may be to put CloudFlare Pro in front of your server for non-SNI, but this is currently $20 for the first site and $5 for additional sites.

Alternatively, other alternatives (e.g. Plivo) may support SNI. I'm investigating them; they're cheaper than Twilio too but don't have TwiML.

Megan Speir
  • 3,745
  • 1
  • 15
  • 25
David Trounce
  • 36
  • 1
  • Hey David, thanks for the answer and providing alternatives. I talked to Twilio support and they also confirmed TwilioProxy doesn't have SNI support. I found that surprising since SNI is largely supported by pretty much everything for years. They probably use an old IIS server for TwilioProxy. – Erico May 07 '15 at 20:38
  • My workaround will be allowing HTTP connections to my TwiML URLs that I send to Twilio. – Erico May 07 '15 at 20:41
  • Yes, they suggested that for me too. I'm hosting on Heroku, so my workaround is to have Twilio bypass CloudFlare and access the hook directly using SSL from Heroku. – David Trounce May 08 '15 at 23:12
  • @DavidTrounce are there settings in CloudFlare that allow you to bypass SSL on specific webhooks/URLs? – FullStack Aug 07 '15 at 03:57
  • There aren't any such settings. I ended up just giving Twilio the webhook directly on my server at Heroku, bypassing CloudFlare just for the Twilio webhook requests. That was simplest and free. – David Trounce Aug 08 '15 at 05:56
2

To be clear, Twilio has supported SNI since August 2015 which came almost 3 months after the original answer David provided. In the new Console - Account Settings you will find that here: https://www.twilio.com/console/account/settings

Megan Speir
  • 3,745
  • 1
  • 15
  • 25
  • Thank you very much Megan. I confirmed that Twilio supports SNI now looking at my access logs with SNI variable from Apache. Configuration in Account Settings is not really related to SNI, it's related to SSL Certificate Validation, but thanks for the tip. – Erico Jul 05 '16 at 02:47