Questions tagged [sni]

Server Name Indication, essential TLS extension for virtual hosting

Server Name Indication is a TLS extension that benefits virtual hosting by permitting different domains hosted on a single IP address to have a different certificate per hostname. It was first standardized in 2003 in RFC 3546. The most current version is documented in RFC 6066.

Even after ten years, support for this extension in tools and libraries can still be lacking, but it is becoming quasi-universal.

329 questions
6 votes, 0 answers

Even after setting jsse.enableSNIExtension to true, enableSNIExtension in ClientHandshaker has value false

I am trying to enable the SNI extension in my project. I set the jsse.enableSNIExtension property in the following ways: 1. Writing System.setProperty("jsse.enableSNIExtension", "true"); 2. Passing -Djsse.enableSNIExtension=true as a VM argument. I printed…
ABHITRNG
6 votes, 1 answer

Why doesn't libcurl set SNI for IPs?

I just noticed libcurl does not set SNI field when I use an IP for an HTTPS call. I found this: https://github.com/curl/curl/blame/master/lib/vtls/openssl.c #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if((0 == Curl_inet_pton(AF_INET, hostname, &addr))…
Igor Gatis
6 votes, 1 answer

How to set TLS/SNI option in gRPC client of Python/C++?

How do I set the TLS/SNI (https://en.wikipedia.org/wiki/Server_Name_Indication) in the Python/C++ gRPC client API? In other words, what's the equivalent of setting the -servername in openssl s_client? I have verified my TLS server works by using the…
steveyang
6 votes, 1 answer

Configure Netty SSL client sockets to send SNI header in Android

I'd like to create an SSL/TLS connection using the Netty framework which will send a SNI header together during handshake. My current code looks like this: SslContext creation: TrustManagerFactory trustManagerFactory =…
6 votes, 2 answers

SSL+ Java 8 + OpenJDK + SNI + HTTPClient = Handshake Failure

I have some code that's been working for a long time that gets data from webapps over HTTP. It uses Apache HTTPClient (v. 4.5.2) and works great for sites with and without SSL. Recently, I've tried to use it for another site that happens to use SNI.…
Sander Smith
6 votes, 1 answer

Disable SNI in a modern browser

Is there a way to temporarily disable SNI in a modern browser? E.g. to test a website's availability for older clients. (Should one worry about them since POODLE?)
sanmai
6 votes, 1 answer

How to set Hostname in SSL Handshake (SNI) in JDK 1.7.x

JDK 1.8 seems to be providing the following option to explicitly set Hostname for connecting to SNI enabled sites, SNIHostName serverName = new SNIHostName("www.example.com"); List serverNames = new ArrayList<>(1); …
6 votes, 1 answer

Android HTTPS SNI support using SSLCertificateSocketFactory

I am trying to add SNI support using SSLCertificateSocketFactory.setHostname. With Wireshark I see the communication between the client and the SNI-enabled server. The CLIENT HELLO goes to the server (with the correct hostname set), Server responds with…
baboo
6 votes, 3 answers

Any workaround to run SNI supported sites on Windows XP and IE8

This question has been asked multiple times and there are well-briefed answers: IE on XP does not support it. But we have the problem that we do not have enough public IPs to assign to each individual SSL-based URL. I have a very basic question: can we run SNI…
Mudasar Yasin
6 votes, 3 answers

Apache SNI: multiple SSL certificates on one IP address

Today I'm trying to configure Apache to run two domains each with their own SSL certificate. From what I have read this is supported by SNI as long as my Apache is configured with a recent version of OpenSSL. I verified that it is: [notice]…
Dan Pouliot
6 votes, 1 answer

HTTPS connection, differences between Android 2.3 and 4

I'm working on a project that retrieves images from different servers (http and https). I found this useful Q/A to avoid the problem of No peer certificate error in Android 2.3, but I can't understand why in Android 4 (>3) this problem ("No peer…
StarsSky
5 votes, 0 answers

Getting "403 Client Error: SNI is required" in Python requests

Unexpectedly, the API "requests" on Python code started giving this error: Traceback (most recent call last): File "", line 1, in File "/usr/lib/python2.7/dist-packages/requests/api.py", line 55, in get return request('get', url,…
Harshita
5 votes, 1 answer

Is there a way to enable/setup ESNI in Nginx?

I was looking around for a way but I've only got that Nginx does implement the normal SNI and that's it. Can it be that ESNI is still a "not yet ready" feature for Nginx?
Eugene
5 votes, 2 answers

Java 8 https connection fails on some sites

I cannot access some https resources. Please help to make https calls reliable. The examples I put here were tested from the Firefox browser, to ensure they work properly. $ java -version openjdk version "1.8.0_121" OpenJDK Runtime Environment (build…
P_M
5 votes, 1 answer

TIdHTTP and TLS SNI doesn't work

On my attempt the TLS SNI extension is missing. I don't know why. Can someone point me in the right direction? Embarcadero® RAD Studio 10 Seattle Version 23.0.21418.4207 Indy version: 10.6.2.5311 OpenSSL:…