httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hintz, Dan" <>
Subject [users@httpd] Disabling the SNI functionality?
Date Thu, 17 Jun 2010 18:27:32 GMT
When I use an application on Windows Vista that communicates with our server (using Apache
2.2.13 and OpenSSL 0.9.8k), it succeeds if I use the IP address of the server, but it fails
when I use the FQDN of the server.  When using the FQDN, I noticed that the packet (Client
Hello) comes to the server with the FQDN (server name) in it.  I believe this is part of the
new SNI (Server Name Indication) feature of TLS.

Is there a way, without recompiling Apache or OpenSSL, to disable this SNI checking on the
server?  I tried putting the SSLStrictSNIVHostCheck directive in the .conf file, but it had
no effect.  Also, making the ServerName directive in the .conf file the same as what is coming
across in the packet, had no effect either.

Or, is there a way within Vista to disable the sending of the server name in the packet?

Thanks in advance,

View raw message