[openssl-users] SNI callback

Benjamin Kaduk bkaduk at akamai.com
Wed Nov 28 21:03:10 UTC 2018

On Wed, Nov 28, 2018 at 08:48:10PM +0000, Jeremy Harris wrote:
> OpenSSL 1.1.1 FIPS  11 Sep 2018
> RHEL 8.0 beta
> Using SSL_CTX_set_tlsext_servername_callback()
> when the called routine returns SSL_TLSEXT_ERR_NOACK
> I was expecting the handshake to fail.  It carries
> on; am I doing something wrong?

NOACK is basically "pretend that there wasn't a callback here";
you should probably use SSL_TLSEXT_ERR_ALERT_FATAL to abort the
connection if you want the handshake to fail.


More information about the openssl-users mailing list