SNI Server Name Missing in ClientHello for Domain with Trailing Dot #6044

Closed
@yzfeng2020

Description

We noticed that when a request is made to a domain with a trailing dot, the SNI server name is not included in the ClientHello message.

Upon investigation, it seems the peerHost needs to be valid for the SNI server name to be generated in the SSL engine. However, the host passed in the pipeline configurator includes the trailing dot, making it invalid.

I came across #4875, which allows trailing dots and may be related.

Code Ref:

https://github.com/netty/netty/blame/4.1/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java#L345

    sslEngine = sslCtx.newEngine(ch.alloc(),
                                 raddr.getHostString(),
                                 raddr.getPort());
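The behaviour reported above, as an added example that is not part of the original issue and not Netty code: it uses only the JDK's `javax.net.ssl` API to show that a host name with a trailing dot is rejected as an SNI `host_name` (RFC 6066 requires the name without a trailing dot), and that stripping the dot before creating the engine restores SNI. The class name, the `sniHost` and `acceptedAsSni` helpers, and the sample host `example.com.` are assumptions made for illustration.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Collections;

public class SniTrailingDot {

    // Hypothetical helper: drop one trailing dot (the DNS root label) so the
    // name is in the form RFC 6066 requires for the server_name extension.
    static String sniHost(String host) {
        if (host != null && host.length() > 1 && host.endsWith(".")) {
            return host.substring(0, host.length() - 1);
        }
        return host;
    }

    // True if the JDK accepts the name as an SNI host_name.
    static boolean acceptedAsSni(String host) {
        try {
            new SNIHostName(host);
            return true;
        } catch (IllegalArgumentException e) {
            return false; // e.g. the name ends with a dot
        }
    }

    public static void main(String[] args) throws Exception {
        String requested = "example.com."; // constructed sample input
        System.out.println("raw accepted:        " + acceptedAsSni(requested));
        System.out.println("normalized accepted: " + acceptedAsSni(sniHost(requested)));

        // Client engine created with the normalized peer host; SNI is also
        // set explicitly so the ClientHello carries the server name.
        String host = sniHost(requested);
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(host, 443);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setServerNames(
                Collections.<SNIServerName>singletonList(new SNIHostName(host)));
        // Verify the server certificate against the same normalized name.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        System.out.println("SNI names: " + engine.getSSLParameters().getServerNames());
    }
}
```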
