Re: [openssl-users] How to get SNI info from s_client debug logs?

2017-11-26 Thread John Jiang
I just tried s_server, and its logs included something like "Hostname in
TLS extension".

But I still have a couple of puzzles.
1. Why does s_server need option "-servername"?
I supposed only s_client needs this option.
With my test, if only s_client specified "-servername server", the desired
certificate still was not used.
My commands were like:
Server side: openssl s_server -cert cert1 -key key1 -cert2 cert2 -key2 key2 -www -accept 4433
Client side: openssl s_client -connect localhost:4433 -servername www.server2.com < /dev/null
Here, if www.server2.com is selected, (I hoped) cert2/key2 is used. But it
didn't happen with the above case.

2. It looks like the options -servername and -alpn cannot work together.
Please consider the following case,
Server side: openssl s_server -cert cert1 -key key1 -cert2 cert2 -key2 key2 -servername www.server2.com -alpn h2 -www -accept 4433
Client side: openssl s_client -connect localhost:4433 -servername www.server2.com -alpn h2 < /dev/null
With the above commands, s_client outputted "No ALPN negotiated", and cert2
was selected.
But when I removed "-servername www.server2.com" from the server side and
re-ran the client side command, it outputted "ALPN protocol: h2", but cert1
was selected (namely, SNI didn't work).

Thanks!

2017-11-27 12:27 GMT+08:00 Kyle Hamilton:

> The -servername [host] is what causes the SNI extension to be sent.  I
> don't think its sending is put into the debug output. Do you really need it
> there?
>
> I'm pretty certain that s_server outputs it in debug output.
>
> -Kyle H
>
> On Nov 26, 2017 18:59, "John Jiang"  wrote:
>
>> Hi,
>> The following is my OpenSSL version info,
>> OpenSSL 1.1.0f  25 May 2017
>>
>> I supposed the below command can give me some SNI info, but nothing was
>> found.
>> openssl s_client -debug -tlsextdebug -msg -connect 
>> -servername  < /dev/null | grep "server name"
>> But I found SNI extension with Wireshark while running the above command.
>>
>> Is it possible to get SNI info with s_client?
>> Thanks!
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] How to get SNI info from s_client debug logs?

2017-11-26 Thread Kyle Hamilton
The -servername [host] is what causes the SNI extension to be sent.  I
don't think its sending is put into the debug output. Do you really need it
there?

I'm pretty certain that s_server outputs it in debug output.

-Kyle H

On Nov 26, 2017 18:59, "John Jiang"  wrote:

> Hi,
> The following is my OpenSSL version info,
> OpenSSL 1.1.0f  25 May 2017
>
> I supposed the below command can give me some SNI info, but nothing was
> found.
> openssl s_client -debug -tlsextdebug -msg -connect  -servername
>  < /dev/null | grep "server name"
> But I found SNI extension with Wireshark while running the above command.
>
> Is it possible to get SNI info with s_client?
> Thanks!


Re: [openssl-users] How to get SNI info from s_client debug logs?

2017-11-26 Thread Salz, Rich via openssl-users
The “server name” is something that the client sends to the server.

This allows a single host to serve multiple “virtual hosts”.

From: John Jiang 
Reply-To: openssl-users 
Date: Sunday, November 26, 2017 at 9:59 PM
To: openssl-users 
Subject: [openssl-users] How to get SNI info from s_client debug logs?

Hi,
The following is my OpenSSL version info,
OpenSSL 1.1.0f  25 May 2017
I supposed the below command can give me some SNI info, but nothing was found.
openssl s_client -debug -tlsextdebug -msg -connect  -servername 
 < /dev/null | grep "server name"
But I found SNI extension with Wireshark while running the above command.

Is it possible to get SNI info with s_client?
Thanks!


[openssl-users] How to get SNI info from s_client debug logs?

2017-11-26 Thread John Jiang
Hi,
The following is my OpenSSL version info,
OpenSSL 1.1.0f  25 May 2017

I supposed the below command can give me some SNI info, but nothing was
found.
openssl s_client -debug -tlsextdebug -msg -connect  -servername
 < /dev/null | grep "server name"
But I found SNI extension with Wireshark while running the above command.

Is it possible to get SNI info with s_client?
Thanks!


[openssl-users] stunnel 5.44 released

2017-11-26 Thread Michał Trojnara
Dear Users,

I have released version 5.44 of stunnel.
It is a bugfix release.  I recommend updating to this version.

Version 5.44, 2017.11.26, urgency: MEDIUM
* New features
  - Signed Win32 executables, libraries, and installer.
* Bugfixes
  - Default accept address restored to INADDR_ANY.
  - Fixed a race condition in "make check".
  - Fixed removing the pid file after configuration reload.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299  stunnel-5.44.tar.gz
4099650ae7be17b81412a0d4caa91db19c8678c8d8d2975398814e583f4c51aa  stunnel-5.44-win32-installer.exe
643365b53ee6f16f87a902c3df849209155e603f02f7a761fc2457c89e5ac243  stunnel-5.44-android.zip

Best regards,
Mike


