The server is sending back a servername extension where the extension_data has length 2, and the data consists of two 0-bytes. An empty extension, as required by the RFC, would have length 0, and empty data. That'd mean the problem is on their end, I think.
Cheers, Emilia On Fri, Oct 24, 2014 at 3:38 PM, Bogdan Harjoc <har...@gmail.com> wrote: > Was trying to see why openssl doesn't like to connect to > elink-http8.bankofamerica.com. > > Seems it sends an alert (fatal) "Unrecognized name" because the server > sends back an empty server_name extension, rightly so according to rfc > 6066. > > Reproduce using (1.0.1j): > > openssl s_client -connect elink-http8.bankofamerica.com:443 > -servername elink-http8.bankofamerica.com > > I tried this on android with chrome and the standard browser since > they use openssl and it triggers an error. On an iphone the ssl site > loads. > > Attached is the pcap. Am I missing something ? >
