> On Feb 13, 2017, at 12:32 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
> wrote:
>
> That said, I don't think that enabling SNI by default *in s_client* is
> sufficient cause to motivate such a feature. The s_client command adds
> new options from time to time, and IIRC we've never before back-ported
> these as NOPs. If an "ignore_unknown" option is warranted, it is for
> all the other new things we might add in addition to "-noservername".
One more thing I should note. The implementation should not break the
"-dane_tldsa_domain" option. That is, with no explicit "-servername"
and with "-dane_tlsa_domain", the SNI name must come from that option,
and not the "-connect" hostname.
--
Viktor.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
