Julien Pierre wrote:

There is a TLS extension called "server name indication". It is currently not implemented by NSS . There are RFEs, you can search bugzilla.

I'm not aware of any client or server that implements this extension at this time,

The big impediment to this is the continued existance of SSL2-only servers. There are still some big-value heavily-used SSL servers out there that speak only SSL2. Here's one: https://webmail.aol.com/

In order to use the "server name indication" TLS extension, the client must
send out an SSL3/TLS style "client hello" message as the first message it
sends to the server.  And today, most browsers do not do that.  They send
out SSL2 style hellos, which cannot use that extension.  Here's why.

If the client sends an SSL3/TLS style hello to the server, and the server
is an SSL2 (only) server, the server will misinterpret this SSL3/TLS
style hello as a very large SSL2 style record, and will wait a long time
(maybe as little as 30 seconds, or maybe much longer) for the rest of
the message to come in.  This appears to a browser user as a "hung"
connection, and tends to anger browser users ("damn browser!"), even
though it is no fault of the browser's.

To avoid that, browser products continue to this day to send out
ssl2-style client hello messages, which make SSL2 servers happy, and which
SSL3/TLS servers interpret as SSL3/TLS hellos.  But there is no way to
put the new "server name indication" into an SSL2-style client hello.

When all the big-value SSL servers finally all upgrade to newer server
software than understands more than just SSL2, I think you'll see this
new "server name indication" come into play.

Nelson B
mozilla-crypto mailing list

Reply via email to