SNI disable by default on 1.0 and 1.1.0?

aeris aeris+openssl at
Tue Dec 3 08:27:47 UTC 2019

> I think your tests are just finding the changes from
> but other applications using
> libssl still need to use the SSL_set_tlsext_host_name() API in order to
> send the SNI extension.

OK got it.

I have trouble with certificate verification on software using libssl 1.0.2 and 
not 1.1.1. And when debugging, I spot the difference of behaviour with openssl 
client which also generate _the same_ verification error. This confuse me…
Network debugging the flow show SNI in both case with libssl.

In fact my real problem was because OPENSSLDIR are not the same, and 1.0.2 
have no CA but 1.1.1 have one…

Individual crypto-terrorist group self-radicalized on the digital darknet

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the openssl-users mailing list