[openssl-project] TLS 1.3 and SNI
Matt Caswell
matt at openssl.org
Tue Apr 17 22:52:35 UTC 2018
On 17/04/18 23:36, Viktor Dukhovni wrote:
>
> Just wanted to check. The TLS 1.3 draft lists SNI as mandatory to implement, but is not mandatory to use. Clients should, but do not have to send SNI, and servers may require SNI, but can just use some default chain instead.
>
> Does OpenSSL's TLS 1.3 support mandate SNI in either the client or server?
>
No. We made changes to s_client to send SNI by default unless you
explicitly request not to. But for applications it's the same story as
always.
Matt
More information about the openssl-project
mailing list