SNI from a server #175

Closed
kazu-yamamoto opened this issue Dec 21, 2016 · 3 comments

@kazu-yamamoto
Collaborator

RFC6066 says:

A server that receives a client hello containing the "server_name"
extension MAY use the information contained in the extension to guide
its selection of an appropriate certificate to return to the client,
and/or other aspects of security policy. In this event, the server
SHALL include an extension of type "server_name" in the (extended)
server hello. The "extension_data" field of this extension SHALL be
empty.

But I cannot find the code to send an empty SNI from a server to a client. Is this intentional? Or is it just missing?

@vdukhovni
Collaborator

It does seem sensible to acknowledge receipt of the extension, regardless of whether it is actually used to determine a corresponding certificate or security policy. That way, clients are less likely to spuriously abort the connection if they choose to insist on the extension ACK. So I would view a PR that implements the sending of an empty extension favourably, if such functionality is not yet present.

@kazu-yamamoto
Collaborator Author

OK. I will implement it.

@kazu-yamamoto kazu-yamamoto self-assigned this Dec 22, 2016
kazu-yamamoto added a commit to kazu-yamamoto/hs-tls that referenced this issue Dec 22, 2016
…#175)

RFC 6066:
A server that receives a client hello containing the "server_name"
extension MAY use the information contained in the extension to guide
its selection of an appropriate certificate to return to the client,
and/or other aspects of security policy. In this event, the server
SHALL include an extension of type "server_name" in the (extended)
server hello. The "extension_data" field of this extension SHALL be
empty.
@ocheron
Contributor

ocheron commented Dec 27, 2016

Fixed with #178.

@ocheron ocheron closed this as completed Dec 27, 2016
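
The acknowledgement discussed in this thread, at the wire level, as an added example that is not code from hs-tls or from any participant: it encodes and parses a TLS extensions block and classifies the server's `server_name` reply as absent, empty (the form RFC 6066 requires) or non-empty. The helper names and the constructed `example.com` payload are assumptions, and the server helper follows the suggestion above to acknowledge whenever the client sent the extension.

```python
import struct

EXT_SERVER_NAME = 0  # extension type assigned to server_name in RFC 6066


def encode_extensions(exts):
    """Encode [(type, data), ...] as a TLS extensions block (2-byte total length prefix)."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(block):
    """Decode an extensions block into [(type, data), ...]; reject bad lengths."""
    if len(block) < 2:
        raise ValueError("missing extensions length")
    (total,) = struct.unpack_from("!H", block)
    if total != len(block) - 2:
        raise ValueError("extensions length mismatch")
    exts, off = [], 2
    while off < len(block):
        if len(block) - off < 4:
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack_from("!HH", block, off)
        off += 4
        if elen > len(block) - off:
            raise ValueError("truncated extension data")
        exts.append((etype, block[off:off + elen]))
        off += elen
    return exts


def server_name_ack(server_hello_exts):
    """Classify the server's SNI acknowledgement: 'absent', 'empty' or 'non-empty'."""
    for etype, data in parse_extensions(server_hello_exts):
        if etype == EXT_SERVER_NAME:
            return "empty" if data == b"" else "non-empty"
    return "absent"


def server_extensions(client_exts, other=()):
    """Server side (hypothetical helper): echo an empty server_name only if the client sent one."""
    sent_sni = any(t == EXT_SERVER_NAME for t, _ in parse_extensions(client_exts))
    return encode_extensions(list(other) + ([(EXT_SERVER_NAME, b"")] if sent_sni else []))


# Constructed ClientHello server_name payload for "example.com":
# list length, name_type 0 (host_name), name length, name.
SNI_EXAMPLE = struct.pack("!HBH", 14, 0, 11) + b"example.com"
```

A client that insists on the acknowledgement would treat `"absent"` as the case described above and `"non-empty"` as a malformed reply.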