> On Feb 13, 2017, at 12:32 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> > wrote: > > That said, I don't think that enabling SNI by default *in s_client* is > sufficient cause to motivate such a feature. The s_client command adds > new options from time to time, and IIRC we've never before back-ported > these as NOPs. If an "ignore_unknown" option is warranted, it is for > all the other new things we might add in addition to "-noservername".
One more thing I should note. The implementation should not break the "-dane_tldsa_domain" option. That is, with no explicit "-servername" and with "-dane_tlsa_domain", the SNI name must come from that option, and not the "-connect" hostname. -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev