< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index

Re: [reSIProcate] Suggestion regarding Client support for TLS SNI extension.

From: Daniel Pocock <daniel@xxxxxxxxxx>
Date: Sun, 31 Jul 2016 18:38:48 +0200


On 30/07/16 22:42, Udit Raikwar wrote:
> Hello,
> I have created a Pull request[1] in which I am enabling client support
> for TLS SNI extension. 
> Server Name Indication (SNI) is an extension to the TLS computer
> networking protocol by which a client indicates which hostname it is
> attempting to connect to at the start of the handshaking process. It
> allows multiple hostnames to be served over HTTPS from the same IP
> address. (Please read [2] or [3] for more information)
> 
> At present in resiprocate, SNI extension is not supported, to enable sni
> support in client side I have added some code in
> resip/stack/ssl/TlsConnection.cxx file. I have checked the server name
> in 'Client Hello' using wireshark.
> 
> Client Hello without SNI supported: https://i.imgsafe.org/54bf8257b4.png 
> Client Hello with SNI supported: https://i.imgsafe.org/54c253a037.png 
> 
> Does anyone have any suggestions on supporting tls sni extension.
> 


I think it is good to support this

For people who want perfect backwards compatibility it may be nice to
have a configuration option to enable/disable client SNI, does anybody
feel this is essential before we accept Udit's change?

References:
- [reSIProcate] Suggestion regarding Client support for TLS SNI extension.
  - From: Udit Raikwar

Prev by Date: [reSIProcate] Suggestion regarding Client support for TLS SNI extension.
Next by Date: [reSIProcate] TLS SNI server support, Let's Encrypt / ACME DVSNI
Previous by thread: [reSIProcate] Suggestion regarding Client support for TLS SNI extension.
Next by thread: [reSIProcate] TLS SNI server support, Let's Encrypt / ACME DVSNI
Index(es):
- Date
- Thread