Closed endreszabo closed 2 years ago
@endreszabo I'm having a hard time with this. I have a simple test server written in perl that reads the SNI (if provided) and prints it out, and that appears to be working. Given that this is a random string that is only referenced in the client SNI, it's hard to understand how the server could be printing it out any other way than via SNI working.
Oh, I think I see it - unless you tell it otherwise, s_client negotiates TLS before anything else (like https). Swaks is the opposite - unless you specify, it attempts to use smtps, in which a basic smtp connection is negotiated up into TLS-encrypted.
Long story short, use --tlsc instead of --tls and it will probably work.
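An added example, not part of the thread and not swaks code: a Python check of whether the first bytes a client sends are a TLS ClientHello and, if so, whether it carries an SNI server_name. The host names are constructed, and the ClientHello is generated in memory with Python's own ssl module, so nothing is sent on the network.

```python
import ssl

def client_hello_bytes(server_hostname):
    """Return the first flight Python's TLS client would send; no network is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = server_hostname is not None  # None means "send no SNI"
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written, the client now waits for a reply
    return outgoing.read()

def u16(buf, pos):
    """Read a big-endian 16-bit integer at pos."""
    return int.from_bytes(buf[pos:pos + 2], "big")

def sni_from_client_hello(data):
    """Return the server_name in the first TLS record of data, or None if absent.

    Raises ValueError when the bytes are not a ClientHello (for example plaintext
    SMTP sent before STARTTLS). Assumes the ClientHello fits in one record.
    """
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("first bytes are not a TLS ClientHello")
    body = data[5:5 + u16(data, 3)]          # handshake message inside the record
    try:
        pos = 4 + 2 + 32                     # handshake header, legacy_version, random
        pos += 1 + body[pos]                 # session_id
        pos += 2 + u16(body, pos)            # cipher_suites
        pos += 1 + body[pos]                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    end = min(pos + 2 + u16(body, pos), len(body))
    pos += 2
    while pos + 4 <= end:                    # walk the extensions
        ext_type, ext_len = u16(body, pos), u16(body, pos + 2)
        if ext_type == 0 and body[pos + 6:pos + 7] == b"\x00":  # server_name, host_name
            name_len = u16(body, pos + 7)
            return body[pos + 9:pos + 9 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None

if __name__ == "__main__":
    for host in ("mail.example.test", None):  # constructed host name
        print(host, "->", sni_from_client_hello(client_hello_bytes(host)))
```

Feeding it the first bytes captured from a client separates the three cases in this thread: a ClientHello with SNI, a ClientHello without SNI, and a plaintext protocol greeting where no TLS has started yet.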
Thanks for your reply. Eventually I did not use --tlsc. For the record I'm using swaks together with piped OpenSSL as per the following:
swaks --pipe 'openssl s_client -connect "$servername:443" -servername "$servername"' ...more-args...
The upside of this is that this way I see a very detailed TLS negotiation output from OpenSSL. And pretty much that's it.
Keep up the good work!
I had to --pipe an openssl s_client as the swaks argument --tls-sni does not seem to work. The connection opens, TLS handshake is successful, but without any SNI header sent in TLS Client Hello.
This works:
This does not (LB redirects to a HTTP server if SNI is not given):