💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › 20220926142046.1d30f63e@ba… captured on 2023-01-29 at 03:09:04. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

Re: Requests and SNI

Message headers

From: Marek Küthe <m.k@mk16.de>

Subject: Re: Requests and SNI

Date: Mon, 26 Sep 2022 14:20:46 +0200

Message-ID: <20220926142046.1d30f63e@banduras-laptop>

Message content

First with a TLS connection established with the server. The server

must find a suitable certificate for the connection with the hostname

of the domain. If you request without SNI, the server does not know

which domain and therefore which certificate to select. The actual

Gemini request comes later, when the TLS connection is established. The

SNI has more or less the same purpose as in the WWW.

On Mon, 26 Sep 2022 07:36:02 -0000 (UTC)

noscript <name@example.com> wrote:

In the request description (section 2) of the gemini specification, there is:
> Gemini requests are a UTF-8 encoded absolute URL, including a scheme
> Sending an absolute URL permits virtual hosting of multiple Gemini
> domains on the same IP address.
And TLS section 4, there is:
> Use of the Server Name Indication (SNI) extension to TLS is also mandatory,
> to facilitate name-based virtual hosting.
The SNI seems redundant because the hostname is in the request already.
What is the reason to have SNI mandatory?

Related

Parent:

Requests and SNI (by noscript <name@example.com> on Mon, 26 Sep 2022 07:36:02 -0000 (UTC))