On 6/18/2014 7:24 AM, Viktor Dukhovni wrote: > That's the code I saw. Should OpenSSL do Apache a favour and not send > a warning alert anyway, when the extension callback is the SNI callback?
Uh... this wouldn't even remotely be a good idea. Reasons include "how to identify when being called by an httpd that could be named anything", "how to identify the SNI callback versus any other callback", and "hacks are inherently not sustainable and must still be supported long after the offending version of the client has fallen by the wayside -- while creating additional security problems down the road". So, I must second rsalz's "NO!!!". -Kyle H
smime.p7s
Description: S/MIME Cryptographic Signature