When I use an application on Windows Vista that communicates with our server (using Apache 2.2.13 and OpenSSL 0.9.8k), it succeeds if I use the IP address of the server, but it fails when I use the FQDN of the server. When using the FQDN, I noticed that the packet (Client Hello) comes to the server with the FQDN (server name) in it. I believe this is part of the new SNI (Server Name Indication) feature of TLS.

Is there a way, without recompiling Apache or OpenSSL, to disable this SNI checking on the server? I tried putting the SSLStrictSNIVHostCheck directive in the .conf file, but it had no effect. Also, making the ServerName directive in the .conf file the same as what is coming across in the packet had no effect either.

Or, is there a way within Vista to disable the sending of the server name in the packet?

Thanks in advance,
Dan