I just tried s_server, and its logs included something like "Hostname in TLS extension".
2. It looks like the options -servername and -alpn cannot work together.
Please consider the following case:
Server side: openssl s_server -cert cert1 -key key1 -cert2 cert2 -key2 key2 -servername www.server2.com -alpn h2 -www -accept 4433
Client side: openssl s_client -connect localhost:4433 -servername www.server2.com -alpn h2 < /dev/null
With the above commands, s_client outputted "No ALPN negotiated", and cert2 was selected.
But when I removed "-servername www.server2.com" from the server side and re-ran the client-side command, it outputted "ALPN protocol: h2", but cert1 was selected (namely, SNI didn't work).
Thanks!
2017-11-27 12:27 GMT+08:00 Kyle Hamilton <aerowolf@xxxxxxxxx>:
The -servername [host] is what causes the SNI extension to be sent. I don't think its sending is put into the debug output. Do you really need it there?
I'm pretty certain that s_server outputs it in debug output.
-Kyle H
On Nov 26, 2017 18:59, "John Jiang" <john.sha.jiang@xxxxxxxxx> wrote:
Hi,
I supposed the below command can give me some SNI info, but nothing was found.
The following is my OpenSSL version info,
OpenSSL 1.1.0f 25 May 2017
openssl s_client -debug -tlsextdebug -msg -connect <host:port> -servername <server> < /dev/null | grep "server name"
But I found the SNI extension with Wireshark while running the above command.
Is it possible to get SNI info with s_client?
Thanks!
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
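Added example, not part of the original thread: a small Python parser that pulls the server_name (SNI) and ALPN extensions out of a ClientHello record, which is the check Wireshark performs on the wire. The ClientHello bytes are constructed inline, and the function names build_client_hello and parse_client_hello are hypothetical.

```python
import struct

def build_client_hello(host, protos):
    """Build a minimal TLS 1.2 ClientHello record (constructed sample input)."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    plist = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protos)
    alpn = struct.pack("!H", len(plist)) + plist
    exts = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in ((0, sni), (16, alpn)))
    body = (b"\x03\x03" + bytes(32) + b"\x00"     # version, random, empty session id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"   # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return {'sni': str or None, 'alpn': [str, ...]} for one ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    try:
        pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                    # skip session id
        pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # skip cipher suites
        pos += 1 + record[pos]                    # skip compression methods
    except IndexError:
        raise ValueError("truncated ClientHello")
    found = {"sni": None, "alpn": []}
    if pos >= len(record):
        return found                              # ClientHello without extensions
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    if end > len(record):
        raise ValueError("truncated extensions block")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == 0 and len(data) >= 5 and data[2] == 0:  # server_name, host_name entry
            n = int.from_bytes(data[3:5], "big")
            found["sni"] = data[5:5 + n].decode("ascii", "replace")
        elif ext_type == 16:                      # ALPN protocol name list
            i = 2
            while i < len(data):
                found["alpn"].append(data[i + 1:i + 1 + data[i]].decode("ascii", "replace"))
                i += 1 + data[i]
    return found

if __name__ == "__main__":
    print(parse_client_hello(build_client_hello("www.server2.com", ["h2"])))
```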