[openssl-project] TLS 1.3 and SNI

Matt Caswell matt at openssl.org
Tue Apr 17 22:52:35 UTC 2018

On 17/04/18 23:36, Viktor Dukhovni wrote:
> Just wanted to check.  The TLS 1.3 draft lists SNI as mandatory to implement, but is not mandatory to use.  Clients should, but do not have to send SNI, and servers may require SNI, but can just use some default chain instead.
> Does OpenSSL's TLS 1.3 support mandate SNI in either the client or server?

No. We made changes to s_client to send SNI by default unless you
explicitly request not to. But for applications it's the same story as


More information about the openssl-project mailing list