Add option to disable SNI for TLS connections #344

Merged: nniclausse merged 1 commit into develop from add-option-to-disable-sni on Feb 14, 2019

tisba commented Feb 13, 2019

While testing an HTTP-based system using mutual TLS authentication (= client and server TLS certificates) I ran into several issues with Erlang and errors during TLS handshakes when using TLS client certificates. The root cause is not fully understood currently, but parts of the solution are :)

Server Name Indication (SNI) is a TLS extension allowing the server to receive a hostname indication the client wishes to connect to.

According to http://erlang.org/doc/man/ssl.html#tls-dtls-option-descriptions---client-side, {server_name_indication, disable} can be used to disable SNI:

{server_name_indication, disable}

Prevents the Server Name Indication extension from being sent and disables the hostname verification check

This PR introduces the following option:

<options>
  <option name="ssl_disable_sni" value="true" />
</options>
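
Added example, not part of the PR or of Tsung's code: because `{server_name_indication, disable}` also turns off the hostname verification check, a client that still wants that check can keep chain validation on and compare the peer certificate against the expected host itself after the handshake. The module name, function names, the 5000 ms timeout and the file-path arguments are hypothetical.

```erlang
%% Added example (not Tsung code). Module, function and argument names
%% are hypothetical. Requires the ssl application to be started, e.g.
%% application:ensure_all_started(ssl).
-module(sni_off_client).
-export([connect/4, hostname_matches/2]).

%% Connect without sending the SNI extension, still validate the
%% certificate chain, then redo the hostname check that `disable`
%% switches off. Host must be a string such as "service.example.test".
connect(Host, Port, CaFile, {CertFile, KeyFile}) ->
    Opts = [{server_name_indication, disable}, % no SNI, no hostname check
            {verify, verify_peer},             % chain validation stays on
            {cacertfile, CaFile},              % trust anchors for the server
            {certfile, CertFile},              % client certificate (mutual TLS)
            {keyfile, KeyFile}],
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Socket} ->
            case hostname_matches(Socket, Host) of
                true ->
                    {ok, Socket};
                false ->
                    %% Chain was valid, but for a different name: refuse.
                    ssl:close(Socket),
                    {error, hostname_mismatch}
            end;
        {error, _Reason} = Error ->
            Error
    end.

%% Compare the peer certificate's names with the host we meant to reach.
hostname_matches(Socket, Host) ->
    case ssl:peercert(Socket) of
        {ok, Der} ->
            Cert = public_key:pkix_decode_cert(Der, otp),
            public_key:pkix_verify_hostname(Cert, [{dns_id, Host}]);
        {error, _Reason} ->
            false
    end.
```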

tisba commented Feb 14, 2019

In case you can take a quick look, @nniclausse, that would be great. Apart from this, I've tested this successfully and also updated the documentation.

@nniclausse nniclausse merged commit 5b4bae6 into develop Feb 14, 2019
@tisba tisba deleted the add-option-to-disable-sni branch February 14, 2019 14:37
@nniclausse nniclausse added this to the 1.8.0 milestone Feb 26, 2023