On Wed, Dec 24, 2008, Barnhill, William CTR USAF AFMC AFRL/RIGC wrote: > > > Something that's recently come up on another list is support in OpenSSL > for the Server Name Indicator (SNI) TLS extension. I understand that Dr. > Henson backported code slated for 0.9.9 into v0.9.8f as an optional > feature not enabled by default. I tried finding documentation on > support for SNI or other TLS extensions and didn't other than a couple > brief mentions on SNI changes and the email I mentioned. > > > > Is there anything I can use to bring me up to speed quickly on the > following)? > > .. which extensions are supported, >
0.9.8 support SNI, session ticket, OCSP status request extensions. The unreleased 0.9.9 in addition supports EC point formats. > .. what ./configure switch options are, > In 0.9.8 the option "enable-tlsext" adds support for the above extensions. > .. level of SNI support that can be expected from a 'default' OpenSSL > install of the latest version > The latest release does not include any extension support by default. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
