> On Feb 13, 2017, at 12:32 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> 
> wrote:
> That said, I don't think that enabling SNI by default *in s_client* is
> sufficient cause to motivate such a feature.  The s_client command adds
> new options from time to time, and IIRC we've never before back-ported
> these as NOPs.  If an "ignore_unknown" option is warranted, it is for
> all the other new things we might add in addition to "-noservername".

One more thing I should note.  The implementation should not break the
"-dane_tldsa_domain" option.  That is, with no explicit "-servername"
and with "-dane_tlsa_domain", the SNI name must come from that option,
and not the "-connect" hostname.


openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to