Closed
Description
If you are connecting to a webserver by IP, you may want to specify the hostname in the TLS negotiation, especially if it has multiple vhosts using the same certificate with Subject Alternate Names and behaving differently depending on which name is supplied during TLS negotiation (before the submitted Host: header is read).
Since 5.50 or so, nmap has had a knob to specify the hostname to request during TLS/SNI negotiation, first called nsi_set_hostname and now called nsock_iod_set_hostname. This is accessible from NSE code, but not, I think, from ncat.
For example:
$ ncat --version
Ncat: Version 7.80 ( https://nmap.org/ncat )
$ echo -n -e 'GET / HTTP/1.0\r\nHost: servername\r\n\r\n' |
ncat -n -v --ssl 10.1.2.3 443
HTTP/1.1 421 Misdirected Request
...
<h1>Misdirected Request</h1>
<p>The client needs a new connection for this
request as the requested host name does not match
the Server Name Indication (SNI) in use for this
connection.</p>
I have an old patch for this, will update and submit a PR.