* 1. Why does s_server need option "-servername"?
For debugging, so that you can test that clients are sending the right SNI
extension and properly handling the TLS error when they don’t.
* 2. It looks options -servername and -alpn cannot work together.
Yes, kind-of. The s_client
I just tried s_server, and its logs included something like "Hostname in
TLS extension".
But I still have a couple of puzzles.
1. Why does s_server need option "-servername"?
I supposed only s_client needs this option.
With my test, if only s_client specified "-servername server", the desired
The -servername [host] is what causes the SNI extension to be sent. I
don't think its sending is put into the debug output. Do you really need it
there?
I'm pretty certain that s_server outputs it in debug output.
-Kyle H
On Nov 26, 2017 18:59, "John Jiang" wrote:
>
ers <openssl-users@openssl.org>
Subject: [openssl-users] How to get SNI info from s_client debug logs?
Hi,
The following is my OpenSSL version info,
OpenSSL 1.1.0f 25 May 2017
I supposed the below command can give me some SNI info, but nothing was found.
openssl s_client -debug -tlsextd
Hi,
The following is my OpenSSL version info,
OpenSSL 1.1.0f 25 May 2017
I supposed the below command can give me some SNI info, but nothing was
found.
openssl s_client -debug -tlsextdebug -msg -connect -servername
< /dev/null | grep "server name"
But I found SNI extension with Wireshark while