It does seem other webservers send the server_name back with 0 as the length of extension_data. And the site in question seems to be running an old (6.1.26) jetty version. End of story, I guess.
Thanks. On Fri, Oct 24, 2014 at 7:11 PM, Emilia Käsper <emi...@silkandcyanide.net> wrote: > The server is sending back a servername extension where the extension_data > has length 2, and the data consists of two 0-bytes. An empty extension, as > required by the RFC, would have length 0, and empty data. That'd mean the > problem is on their end, I think. > > Cheers, > Emilia > > > On Fri, Oct 24, 2014 at 3:38 PM, Bogdan Harjoc <har...@gmail.com> wrote: >> >> Was trying to see why openssl doesn't like to connect to >> elink-http8.bankofamerica.com. >> >> Seems it sends an alert (fatal) "Unrecognized name" because the server >> sends back an empty server_name extension, rightly so according to rfc >> 6066. >> >> Reproduce using (1.0.1j): >> >> openssl s_client -connect elink-http8.bankofamerica.com:443 >> -servername elink-http8.bankofamerica.com >> >> I tried this on android with chrome and the standard browser since >> they use openssl and it triggers an error. On an iphone the ssl site >> loads. >> >> Attached is the pcap. Am I missing something ? > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
