[users@httpd] Disabling the SNI functionality?

["Hintz, Dan" <Da...@Polycom.com>]

When I use an application on Windows Vista that communicates with our server (using Apache 2.2.13 and OpenSSL 0.9.8k), it succeeds if I use the IP address of the server, but it fails when I use the FQDN of the server.  When using the FQDN, I noticed that the packet (Client Hello) comes to the server with the FQDN (server name) in it.  I believe this is part of the new SNI (Server Name Indication) feature of TLS.

Is there a way, without recompiling Apache or OpenSSL, to disable this SNI checking on the server?  I tried putting the SSLStrictSNIVHostCheck directive in the .conf file, but it had no effect.  Also, making the ServerName directive in the .conf file the same as what is coming across in the packet, had no effect either.

Or, is there a way within Vista to disable the sending of the server name in the packet?

Thanks in advance,
Dan

Re: [users@httpd] Disabling the SNI functionality?

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

On 17.06.10 11:27, Hintz, Dan wrote:
> When I use an application on Windows Vista that communicates with our
> server (using Apache 2.2.13 and OpenSSL 0.9.8k), it succeeds if I use the
> IP address of the server, but it fails when I use the FQDN of the server. 

fail in what way?

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org