"Use of the Server Name Indication (SNI) extension to TLS is also mandatory, to facilitate name-based virtual hosting." Should I be refusing client requests that don't have SNI? If so, with code 59?
This is a great question, hmm. I think you probably should, but I wonder what the status of clients is, if most are doing it. My clients (gemget, amfora) are all in Go, which doesn't seem to have an option to set SNI myself? I think it does it automatically. I would love to have Solderpunk's input on this, but I would wait until many clients are tested before you start refusing requests. Definitely this should be added to the existing client torture tests. Cheers, makeworld
It was thus said that the Great colecmac at protonmail.com once stated:
>
> I would love to have Solderpunk's input on this, but I would wait
> until many clients are tested before you start refusing requests.
> Definitely this should be added to the existing client torture tests.

I'll have to see if the TLS library I use has a way to check SNI---it's not something I've had to deal with explicitly.

-spc
My Gemini server requires SNI.
------- Original Message -------
On Friday, October 30, 2020 6:26 PM, Drew DeVault <sir at cmpwn.com> wrote:

> My Gemini server requires SNI.

Well, there's the test! My client connected with gemini://drewdevault.com successfully, so it looks like SNI works. :)

makeworld
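
An added example, not code from any poster in this thread, written in Go because the clients mentioned are Go programs: a server-side gate that follows both suggestions above, counting SNI-less handshakes in an observe mode before switching to refusing them with status 59. The `Gate`, `Policy` and `Handle` names and the `SNI required` meta text are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sync/atomic"
)

type Policy int // what to do with a client that sent no SNI (hypothetical name)

const (
	Observe Policy = iota // serve the request, only count the client
	Enforce               // refuse with Gemini status 59
)

// Gate applies a Policy to completed TLS handshakes (hypothetical type).
type Gate struct {
	missing int64 // handshakes seen without SNI; first field for atomic alignment
	Policy  Policy
}

// Check returns the response header to send instead of serving, or "" to go on.
func (g *Gate) Check(st tls.ConnectionState) string {
	if st.ServerName != "" { // on the server side this is the client's SNI value
		return ""
	}
	atomic.AddInt64(&g.missing, 1)
	if g.Policy == Enforce {
		return "59 SNI required\r\n" // meta text is constructed, not from a spec
	}
	return ""
}

func (g *Gate) Missing() int64 { return atomic.LoadInt64(&g.missing) } // count so far

// Handle finishes the handshake first: the 59 reply has to travel inside TLS.
func (g *Gate) Handle(conn *tls.Conn, serve func(*tls.Conn)) {
	defer conn.Close()
	if err := conn.Handshake(); err != nil {
		return
	}
	if hdr := g.Check(conn.ConnectionState()); hdr != "" {
		conn.Write([]byte(hdr))
		return
	}
	serve(conn)
}

func main() { fmt.Printf("%q\n", (&Gate{Policy: Enforce}).Check(tls.ConnectionState{})) }
```

Running in `Observe` mode and watching `Missing()` gives the data on real client behaviour before the policy is flipped to `Enforce`.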
---