#2962 closed enhancement (invalid)
XPRA Client should send SNI when using SSL/WSS
Reported by: | David W Johnston | Owned by: | David W Johnston |
---|---|---|---|
Priority: | major | Milestone: | 4.1 |
Component: | client | Version: | 4.0.x |
Keywords: | sni | Cc: |
Description
Currently on the Windows XPRA client (didn't test Linux), connecting to a remote server using WSS does not send the SNI (server name indication) as part of the SSL handshake.
The SNI is a hostname field which can be sent by the client in clear-text in the SSL handshake. This allows the client to specify which host it intends to connect to.
This is useful when using reverse proxies (Ex. sniproxy), so multiple SSL services/sites can run on the same server IP and port.
Thanks
Change History (3)
comment:1 Changed 18 months ago by
Owner: | changed from Antoine Martin to David W Johnston |
---|
comment:2 Changed 18 months ago by
Resolution: | → invalid |
---|---|
Status: | new → closed |
Version: | trunk → 4.0.x |
You are right - With the Windows client 4.1-r28059 SNI works perfectly.
My problem was I had: --ssl-check-hostname=no
I didn't realize that would prevent the client from sending the SNI. I expected that switch to simply not enforce the hostname matching the server's cert.
Dave
comment:3 Changed 16 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2962
As per wiki/ReportingBugs, please specify the exact version that you are using.
SNI should be working in current versions.
Please post the output from the client running with
-d ssl
, ie: