I am aware that adding the ServerName from the received Client Hello info is probably not the intended way to do it.
What did you expect to see?
Server Name extension in the Server Hello.
From RFC4366:
A server that receives a client hello containing the "server_name"
extension MAY use the information contained in the extension to guide
its selection of an appropriate certificate to return to the client,
and/or other aspects of security policy. In this event, the server
SHALL include an extension of type "server_name" in the (extended)
server hello. The "extension_data" field of this extension SHALL be
empty.
What did you see instead?
```
Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 275
    Version: TLS 1.2 (0x0303)
    Random: 67d628701660d6757d4dfec28be789e814562e5a7d262d0620af145ecb6de416
    Session ID Length: 32
    Session ID: 66f5bfd5bb08c5d661af3e871679762b8503b6c8dda9e8feaa754db71ad5d70e
    Cipher Suites Length: 38
    Cipher Suites (19 suites)
    Compression Methods Length: 1
    Compression Methods (1 method)
    Extensions Length: 164
    Extension: server_name (len=41)
        Type: server_name (0)
        Length: 41
        Server Name Indication extension
            Server Name list length: 39
            Server Name Type: host_name (0)
            Server Name length: 36
            **Server Name: nf.5gc.mnc001.mcc001.3gppnetwork.org**
    Extension: status_request (len=5)
    Extension: supported_groups (len=10)
    Extension: ec_point_formats (len=2)
    Extension: signature_algorithms (len=26)
    Extension: renegotiation_info (len=1)
    Extension: signed_certificate_timestamp (len=0)
    Extension: supported_versions (len=5)
    Extension: key_share (len=38)
Handshake Protocol: Server Hello
    Handshake Type: Server Hello (2)
    Length: 51
    Version: TLS 1.2 (0x0303)
    Random: 382582267f10d66eefc38ea031534a6d92eac6493dace867978e4993566b1702
    Session ID Length: 0
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Compression Method: null (0)
    Extensions Length: 11
    Extension: renegotiation_info (len=1)
        Type: renegotiation_info (65281)
        Length: 1
        Renegotiation Info extension
            Renegotiation info extension length: 0
    Extension: ec_point_formats (len=2)
        Type: ec_point_formats (11)
        Length: 2
        EC point formats Length: 1
        Elliptic curves point formats (1)
            EC point format: uncompressed (0)
```
seankhliao changed the title from "Go HTTP server - when receiving Client Hello with SNI - is not including Server Name extension in Server Hello" to "crypto/tls: Go HTTP server - when receiving Client Hello with SNI - is not including Server Name extension in Server Hello" on Aug 26, 2022
go version go1.16.10 linux/amd64
Does this issue reproduce with the latest release?
UNKNOWN (no control over the Go version)
What did you do?
HTTPS server with the support of SNI as per:
go env:
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/ubuntu/.cache/go-build"
GOENV="/home/ubuntu/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/ubuntu/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/ubuntu/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.16.10"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/ubuntu/go/src/nti-nf/nf/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build4262555082=/tmp/go-build -gno-record-gcc-switches"
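The check that the quoted RFC 4366 passage implies, as an added Go example that is not part of the original issue or of crypto/tls: it parses a TLS 1.2 ServerHello handshake message and reports whether it carries an empty server_name extension. The byte strings are reassembled from the Server Hello fields in the capture above; the names `acknowledgesSNI`, `head`, `captured` and `compliant`, and the `compliant` variant itself, are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Built from the capture's Server Hello fields; compliant adds an empty server_name.
const (
	head      = "0303" + "382582267f10d66eefc38ea031534a6d92eac6493dace867978e4993566b1702" + "00c02f00"
	captured  = "02000033" + head + "000b" + "ff01000100" + "000b00020100"
	compliant = "02000037" + head + "000f" + "ff01000100" + "000b00020100" + "00000000"
)

var errMalformed = errors.New("malformed ServerHello")

// acknowledgesSNI reports whether a hex TLS 1.2 ServerHello carries an empty server_name.
func acknowledgesSNI(hexMsg string) (bool, error) {
	msg, err := hex.DecodeString(hexMsg)
	if err != nil || len(msg) < 39 || msg[0] != 2 ||
		int(msg[1])<<16|int(msg[2])<<8|int(msg[3]) != len(msg)-4 {
		return false, errMalformed
	}
	body := msg[4:]
	off := 35 + int(body[34]) + 3 // version+random+sid_len, session ID, suite+compression
	if off == len(body) {
		return false, nil // ServerHello without an extensions block
	}
	if off+2 > len(body) || off+2+int(binary.BigEndian.Uint16(body[off:])) != len(body) {
		return false, errMalformed
	}
	for rest := body[off+2:]; len(rest) > 0; {
		if len(rest) < 4 || 4+int(binary.BigEndian.Uint16(rest[2:])) > len(rest) {
			return false, errMalformed
		}
		n := 4 + int(binary.BigEndian.Uint16(rest[2:]))
		if binary.BigEndian.Uint16(rest) == 0 {
			return n == 4, nil // present; compliant only if extension_data is empty
		}
		rest = rest[n:]
	}
	return false, nil
}

func main() {
	fmt.Println(acknowledgesSNI(captured))
	fmt.Println(acknowledgesSNI(compliant))
}
```

Running it prints `false <nil>` for the message reassembled from the capture and `true <nil>` for the constructed variant.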