diff options
author | Ionut Mihalcea <ionut.mihalcea@sophos.com> | 2019-02-06 21:09:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-02-19 17:35:52 +0000 |
commit | 70fa3aa108320d15536228656b120d3e08de0e40 (patch) | |
tree | 7beeef3c42c1cc1dfbf55ecf16471191ad3f48a0 /doc | |
parent | 663dc8c133e102950af9ad907fc19e123aabdc76 (diff) |
Don't set SNI by default if hostname is not dNS name
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8175)
(cherry picked from commit 8e981051ceecd10754f8f6d1291414a7453c8fac)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/s_client.pod | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 58fe37a69b..0f54ee19c7 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -191,14 +191,17 @@ Use IPv6 only. =item B<-servername name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message to -the given value. If both this option and the B<-noservername> are not given, the -TLS SNI extension is still set to the hostname provided to the B<-connect> option, -or "localhost" if B<-connect> has not been supplied. This is default since OpenSSL -1.1.1. - -Even though SNI name should normally be a DNS name and not an IP address, this -option will not make the distinction when parsing B<-connect> and will send -IP address if one passed. +the given value. +If B<-servername> is not provided, the TLS SNI extension will be populated with +the name given to B<-connect> if it follows a DNS name format. If B<-connect> is +not provided either, the SNI is set to "localhost". +This is the default since OpenSSL 1.1.1. + +Even though SNI should normally be a DNS name and not an IP address, if +B<-servername> is provided then that name will be sent, regardless of whether +it is a DNS name or not. + +This option cannot be used in conjuction with B<-noservername>. =item B<-noservername> |