sni

I would like to know about the support for the SSL/TLS Server Name Indication (SNI) extension in the Android SDK. As far as I know, there is a partial support in Android SDK. The current situation is the following: Since the Gingerbread release TLS connection with the HttpsURLConnection API supports SNI. Apache HTTP client library shipped with Android does not support SNI The Android web browser does not support SNI neither (since using the Apache HTTP client API) There is an opened ticket regarding this issue in the Android bug tracker. It is also possible to test the SNI support by making a

How to implement Server Name Indication(SNI) on OpenSSL in C or C++? Are there any real world examples available? On the client side, you use SSL_set_tlsext_host_name(ssl, servername) before initiating the SSL connection. On the server side, it's a little more complicated: Set up an additional SSL_CTX() for each different certificate; Add a servername callback to each SSL_CTX() using SSL_CTX_set_tlsext_servername_callback() ; In the callback, retrieve the client-supplied servername with SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) . Figure out the right SSL_CTX to go with that host name,

I'm using requests to communicate with a django app but When I try requests.get('https://mysite.com', verify=True) I get the error: hostname 'mysite.com' doesn't match either of '*.myhost.com', 'myhost.com' However, when I look at the browser, or http://www.digicert.com/help/ the certificate looks fine and dandy. My host suggested it was the lack of SNI support from requests (and Github seems to confirm that https://github.com/kennethreitz/requests/issues/749 ). Has anyone found a work-around using requests? The current version of Requests should be just fine with SNI. Further down the GitHub

不兼容 SNI 的现象 众所周知，伟大的 Windows XP 对 Server Name Indication 的支持不好。表现为打不开某些 https 网页。 为了兼容性，需要关闭SNI以保证IE6能正常访问。这样的代价就是：需要更多的服务器资源（IP不可复用，资源不易复用）。 某些云厂商，开启SNI选项的情况下价格会更优惠、关闭SNI会有 额外收费 。 故障现象 Windows XP + IE6 无法打开 https 网页： 实际上缓解的办法在上图中已显示： 请单击工具菜单，然后单击 Internet 选项。在“高级”选项卡上，滚动到“安全”部分，复选 SSL 2.0、SSL 3.0、TLS 1.0、PCT 1.0 设置。 开启IE6的TLS支持后，重启浏览器。确认安全警告后，能正常打开如下： 但拿到的证书都是被第1个加载的证书，欣慰的时访问到的内容（vhost）是正确的： 测试方法 安装Nginx 以 Nginx 为例，测试 https 证书与 IE6 的兼容性 apt-get -y install nginx # yum -y install nginx 自制证书 SNI 允许一个 IP 指向多个证书，那么我们做两个域名使用两个证书。简要如下： openssl genrsa -des3 -out /etc/nginx/conf.d/s1.key 1024 openssl