Questions tagged [sni]

Server Name Indication, essential TLS extension for virtual hosting

Server Name Indication is a TLS extension that benefits virtual hosting by permitting different domains hosted on a single IP address to have a different certificate per hostname. It was first standardized in 2003 in RFC 3546. The most current version is documented in RFC 6066.

Even after ten years, tool and library support for this extension can still be lacking, but it is becoming quasi-universal.

329 questions
5 votes, 1 answer

OpenSSL::SSL::SSLContext SNI servername_cb Not Working

As referenced in OpenSSL::X509::Certificate Showing Certificate for Wrong Domain, I need to use TLSv1 or above and Server Name Indication extension. Even with ssl_version and servername_cb set via the SSLContext, I'm still getting the wrong…
Seth Reeser
5 votes, 2 answers

SSL/TLS Connection reset - how to force Java client to use SNI?

I had BOTH: a STS server and spring web application on localhost. And it worked. I've tested OAuth2 Authorization Code Grant Flow - fully working. I moved STS to other machine and there is a problem from web application in acquiring an access token…
Dave Yarsky
5 votes, 3 answers

HAProxy reverse proxy SNI wildcard

I need some help with my HAProxy config. I am currently using HAProxy 1.5 to access geoblocked websites by reverse proxying them through altered DNS entries. (https://github.com/trick77/tunlr-style-dns-unblocking). Now I stumbled upon a problem as I…
Adam
5 votes, 2 answers

Programmatically add binding on IIS 8 with SNI option

I'm trying to create bindings for IIS 8 that have the flag SNI checked (Server Name Indication) using Microsoft.Web.Administration library (.NET Framework). This is necessary to me because I want to get multiple SSL bindings for the same website…
tittodiego
5 votes, 1 answer

urllib3 on python 2.7 SNI error on Google App Engine

I'm trying to download an HTTPS page from my site hosted on Google App Engine with SNI. No matter what library I use, I get the following error: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol I've tried solving the error in many ways,…
Tzach
5 votes, 3 answers

Java support for Server Name Indication (SNI) in server role?

Java 7 brings client support for SNI. Are there known open-source implementations of the SNI server role? Java provides "transparent support" TLS connections (including the handshake), but I need to decouple the handshake process so I can send a…
Lekensteyn
5 votes, 3 answers

Multiple SSL enabled sites in Azure Virtual Machine

We are nearing the end of a lot of changes to make our application work in Azure and we want to use the Virtual Machines, not the typical roles way of deploying machines. Getting to the end I started to make check lists of things I needed to do and…
Chris Lomax
5 votes, 0 answers

TLS with Server Name Indication extension (RFC 3546) in Android

I am building an Android app that needs to work with https. I have no problem doing a https connection to a https address that does not use TLS with Server Name Indication extension. But I need to do the connection to a https address that uses TLS with…
dennis
4 votes, 3 answers

Openssl TLS extension support configuration (Server Name Indication)

I want to configure openssl client-server to support TLS extensions specifically server name indication (SNI). I have built the latest openssl 1.0.0e on ubuntu linux without giving any additional config parameter. ./config make make install Not…
PravinCG
4 votes, 1 answer

How to multiple SSLs on the same server, behind a varnish layer?

I have the need to serve multiple apps from the same server with SSL requirements. I'm currently thinking of running Nginx with SNI, but the majority of IE doesn't support SNI. What happens when someone with a browser that doesn't support SNI makes…
Rodrigo Dellacqua
4 votes, 2 answers

nginx stream_ssl_preread module unable to read ssl_preread_server_name

I am trying to set up nginx to map TLS connections to different backends based on the SNI server name. From what I can tell, my client is sending the server name, but the preread module is only reading a hyphen. Here is my nginx config: stream { …
Debby Mendez
4 votes, 0 answers

Modifying TLS SNI with HttpClient or HttpWebRequest

This question is the equivalent of this Go question in which it was trivial (albeit rather hacky) to obtain the desired behavior: I am looking for a way to modify the TLS SNI information that ultimately ends up in the TCP segments created when using…
fuglede
4 votes, 0 answers

AWS SNI (server name Indication) via cloudformation

Actually, I want to add different SSL certificates on the same port. As per the AWS document, SNI is now possible via using Application Load Balancer (https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/) They have specified the steps…
karan sharma
4 votes, 0 answers

Android SNI Issue on Devices below Android 7

I am trying to send a HTTP POST request (with images, but that should not matter) to a https-secured server using an AsyncHttpClient. On Android 7+ everything seems to be working fine, the request finishes without errors. However, on Android 5 and…
munchybit
4 votes, 2 answers

Python SSLError on Ubuntu, but only when run from a CRON

I have a Python script using requests module. It works on my desktop (Windows), and works when I run it manually on my VM (Ubuntu 14.04 / python 2.7.14). However, when the exact same command is scheduled as a CRON job on the same VM, it's…
Chris