Hi, Yoav's tcpdump analysis, together with Martin's observations, helped me find the problem at the server end. I've changed the config now (addding a missing 'NameVirtualHost *:443' to Apache's config), and Stuart's example now works for me on OS X Snow Leopard and Lion: svn info https://svn.tools.ietf.org/svn/wg/hybi (The box running Lion isn't happy with the certificate, though, even if all other means of verification I have tells me it's OK.) Thanks and best regards, Henrik On 2011-09-26 22:11 Yoav Nir said: > The client sends a SNI extension with the name "svn.tools.ietf.org". > For some reason the server does not recognize the name. This is > particularly puzzling because the CommonName in the server > certificate is "*.tools.ietf.org", which is usually considered a > match. The server sends a warning-level "unrecognized name" alert, > and the client breaks the connection. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf