[openssl-dev] SNI by default in s_client
Matt Caswell
matt at openssl.org
Mon Feb 13 17:02:54 UTC 2017
On 13/02/17 16:55, Salz, Rich wrote:
>> extension by default that wasn't there before - and that we've already
>> decided to add new extensions in 1.1.1 due to the forthcoming
>> TLSv1.3 support.
>
> You mean adding new extensions in the wire protocol? Or are did we modify any API/ABI behavior?
Wire protocol. We haven't modified API/ABI behaviour (except to add new
APIs).
>
>> On the other hand you could argue that this could break
>> existing scripts that rely on the current SNI behaviour.
>
> I would support adding a new -sni flag that is shorter, easier to type, and uses the value of the HOST field.
Which doesn't really solve the problem I was seeking to address.
>
> Within the team, we previously had agreement that the CLI was part of the ABI "contract." Waiting for Viktor to weigh in here :)
>
I'm all in favour of a stable command line interface. What I think is
unclear is where the line is drawn between what is and isn't allowed.
I'm also waiting for Viktor :-)
Matt
More information about the openssl-dev
mailing list