Query -- how does this relate to TLSv1.3 and the alpha version (which is not
going to work with the final version -- and does not exist I think) -- and what
version of openssl do you recommend?
Thanks,
Eric
Eric S Eberhard
VICS (Vertical Integrated Computer Systems)
Voice: 928 567 3529
Cell
> In order to implement SNI you need an SNI callback
> The callback should return:
>
> SSL_TLSEXT_ERR_OK, if it successfully processed the SNI
> SSL_TLSEXT_ERR_ALERT_WARNING, to send a warning alert back
> SSL_TLSEXT_ERR_ALERT_FATAL, to send a fatal alert back
> SSL_TLSEXT_ERR_NOACK, to continue
> On Jun 27, 2018, at 9:12 AM, Matt Caswell wrote:
>
> Note though that RFC 3546 that you reference is obsolete. It was
> obsoleted by RFC 4366, which itself was obsoleted by RFC 6066. That last
> RFC has this to say about fatal vs warning alerts:
>
> If the server understood the
On 27/06/18 12:41, Felipe Gasper wrote:
> RFC 3546, in describing the SNI extension, recommends that servers send a
> warning to clients that request an unknown server name. (Page 9)
>
> I’d like to implement that warning .. could someone please point me to which
> API functions expose this
As in sending a non-fatal alert? There's no API to do that. And it probably
wouldn't work anyway, as most runtimes treat any alert as fatal.
Your best bet is to implement the right callback (depends on which version of
openssl you are using) and return an error if the SNI isn't one of your
RFC 3546, in describing the SNI extension, recommends that servers send a
warning to clients that request an unknown server name. (Page 9)
I’d like to implement that warning .. could someone please point me to which
API functions expose this ability?
Thank you!
-Felipe Gasper
Mississauga, ON
