Statement of intent regarding TLS server name identification (SNI)

Omar Polo op at omarpolo.com
Mon Nov 9 15:54:57 GMT 2020

Previous message (by thread): Statement of intent regarding TLS server name identification (SNI)
Next message (by thread): Statement of intent regarding TLS server name identification (SNI)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Drew DeVault <sir at cmpwn.com> writes:

> Hiya! On behalf of the gmnisrv server software
> (https://git.sr.ht/~sircmpwn/gmnisrv), I'm writing to inform client
> authors that our intention is to *require* clients to enable server name
> identification (SNI) when making TLS connections. We will drop
> connections which do not provide SNI.
>
> It's pretty easy to add to your cilent, so please double check that
> yours does it! My server, gemini://drewdevault.com, is running gmnisrv
> with this requirement enabled if you want something to test against.

This explain why I wasn't able to visit your server today, as it seems
elpher doesn't do SNI.

(please excuse my ignorance on the matter) what’s the rationale for this
requirement? (other than allowing virtual hosts.)  I'm asking because
I'm curious if I need to follow the same behaviour in my server too.

Previous message (by thread): Statement of intent regarding TLS server name identification (SNI)
Next message (by thread): Statement of intent regarding TLS server name identification (SNI)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list