So, how is this option named in firefox and how do you set it? ……… exactly. You don't have it as an option as servername != hostname is something you only need for experiments which is the main purpose of s_client. Firefox doesn't need that option as it is using SNI (in reality it uses a library which does, but details). apt doesn't need the option as it is using libcurl-gnutls which is using SNI (see the apt- helper command above as proof). That this isn't working in your case on your system is a bug "somewhere", possibly libcurl-gnutls or the things it uses like libgnutls, but not a reason to request a servername option in apt which given that you want to set it with servername == hostname would be a NOP anyhow…
P.S.: Fire up wireshark and realize that HTTPS itself fails your blank "everything should be encrypted" statement. The irony is that SNI is actually one of those unencrypted but highly informational pieces. The rest is a bit of traffic analyze away as you have perfect knowledge of the entirely static data sent over the encrypted wire, so from the transfer size alone you can already make reasonable guesses about what you do and with a bit more work you can be sure. Better than nothing of course and one of the reasons I subsumed under "you might want" but its still mostly a feeling of security/privacy you get here as apt just isn't your typical dynamically created website with cookies and passwords and stuff resulting in unique data streams where HTTPS makes a lot more sense. IF you and repository owners were really into privacy, you would be using TOR and repositories on onion services (for the record, apt supports it via apt-transport-tor and some repositories are available as onion service). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1551464 Title: apt-get sources should support TLS SNI (server name) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1551464/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
