diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-13 13:26:37 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-27 11:43:55 +0100 |
commit | 11ba87f2ff8e2455c6627a83aa458384fe7de70a (patch) | |
tree | cd641aa5f04e490b101ff22b287552f05cc48653 /doc/man1/s_client.pod | |
parent | 37659ea43053f5db951962bd1100b490bd4f7e5e (diff) |
Ensure s_client sends an SNI extension by default
Enforcement of an SNI extension in the initial ClientHello is becoming
increasingly common (e.g. see GitHub issue #2580). This commit changes
s_client so that it adds SNI be default, unless explicitly told not to via
the new "-noservername" option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2614)
Diffstat (limited to 'doc/man1/s_client.pod')
-rw-r--r-- | doc/man1/s_client.pod | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index cc2ad4f1f2..16538567bc 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -14,6 +14,7 @@ B<openssl> B<s_client> [B<-4>] [B<-6>] [B<-servername name>] +[B<-noservername>] [B<-verify depth>] [B<-verify_return_error>] [B<-cert filename>] @@ -156,7 +157,17 @@ Use IPv6 only. =item B<-servername name> -Set the TLS SNI (Server Name Indication) extension in the ClientHello message. +Set the TLS SNI (Server Name Indication) extension in the ClientHello message to +the given value. + +=item B<-noservername> + +Suppresses sending of the SNI (Server Name Indication) extension in the +ClientHello message. Cannot be used in conjunction with the B<-servername> or +<-dane_tlsa_domain> options. If this option is not given then the hostname +provided to the B<-connect> option is used in the SNI extension, or "localhost" +if B<-connect> has not been supplied. Note that an SNI name should normally be a +DNS name and not an IP address. =item B<-cert certname> |