Arne, Emmanuel, I can successfully reproduce the issue with an old wget build on win32.
It seems to me the SSL_TLSEXT_ERR_ALERT_WARNING is upsetting certain clients. Arne, could you try the following patch on top of currend HEAD. Emmanuel, could you share your thoughts about this? Regards, Lukas diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 38e95a8..531cfa1 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -197,7 +197,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s) if (!servername) { return (s->strict_sni ? SSL_TLSEXT_ERR_ALERT_FATAL : - SSL_TLSEXT_ERR_ALERT_WARNING); + SSL_TLSEXT_ERR_NOACK); } for (i = 0; i < trash.size; i++) {