greetings,
just a heads up that we’ve seen client breakage when using haproxy with
openssl-1.1 — dunno how far along you are concerning ossl1.1 usage, but it has
become very clear that openssl-1.1 behaves differently in a number of ways, esp.
the SNI callback.
so, openssl-1.0.x does not actually send the warnings/alerts when the callback
returns SSL_TLSEXT_ERR_NOACK or SSL_TLSEXT_ERR_ALERT_WARNING, but openssl-1.1
will send them.
Some clients, such as java1.8 and gnutls, will fail upon receiving these
warnings, even if the RFC isn’t clear on the correct behavior.
I don’t know if this is 100% applicable to you, but perhaps consider removing the
warnings unless explicitly requested with strict_sni? Looking at the
“reference” s_server.c in openssl-1.1, it does return ERR_OK for both
mismatch and missing servername.
roberto
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e7eb5df..2b227fc 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1470,7 +1470,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void
*priv)
#endif
return (s->strict_sni ?
SSL_TLSEXT_ERR_ALERT_FATAL :
- SSL_TLSEXT_ERR_NOACK);
+ SSL_TLSEXT_ERR_OK);
}
for (i = 0; i < trash.size; i++) {
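Review bot: the non-strict branch at 1470 now returns SSL_TLSEXT_ERR_OK without a comment, and the reason is not recoverable from the code alone: it only makes sense given the message above, that openssl-1.1 actually sends the warning alert for SSL_TLSEXT_ERR_NOACK and that clients such as java1.8 and gnutls abort on it. Suggest a one-line comment above the return, e.g. `/* no servername: stay on the default ctx; return ERR_OK, since 1.1 sends a warning alert for NOACK that some clients treat as fatal */`, so a later reader does not "restore" NOACK and reintroduce the breakage.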
@@ -1507,7 +1507,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void
*priv)
#endif
return (s->strict_sni ?
SSL_TLSEXT_ERR_ALERT_FATAL :
- SSL_TLSEXT_ERR_ALERT_WARNING);
+ SSL_TLSEXT_ERR_OK);
}
/* switch ctx */
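Review bot: this is the second copy of the identical `s->strict_sni ? SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_OK` ternary; now that the missing-servername path at 1470 and the no-matching-ctx path at 1507 return exactly the same values, consider collapsing them into a single exit label or small helper so the two cannot drift apart in a future edit. Separately, the behaviour change deserves a note in the strict_sni option documentation: a servername that matches no ctx now proceeds silently on the default ctx instead of producing a warning alert, which operators who relied on that warning as a misconfiguration signal will want to know.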