SSL_TLSEXT_ERR_NOACK not working as expected
Tal Dery
tal at awrora.io
Thu Mar 10 10:26:58 UTC 2022
Hi,
I am implementing an SSL server.
Using SSL_CTX_set_tlsext_servername_callback I'm checking the SNI.
When SNI meets my requirements (for example does not contain offensive words) I allow the handshake by returning SSL_TLSEXT_ERR_OK.
When there is an offensive word, I do not want to send Server Hello message. I try to do this by returning SSL_TLSEXT_ERR_NOACK.
For some reason, the server is still sending the message, and I wonder why?
SSL_TLSEXT_ERR_ALERT_WARNING works as expected.
I'm using OpenSSL 1.1.1f and Wireshark to verify what I say.
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220310/35fc2296/attachment.htm>
More information about the openssl-users
mailing list