[stunnel-users] client side SNI

Michal Trojnara Michal.Trojnara at mirt.net
Fri Jan 13 18:06:50 CET 2012

yyy wrote:
> It looks like server name for client side SNI is defined
> as name to connect to in connect option. According to RFC,
> this name must be FQDN.  It is the only place where it is
> defined and server name for SNI cannot be defined outside
> connect option.
> Is that right?

Well... Not really.  There is an undocumented method to do it.  Use 
"protocolHost" option.

What I'm going to do is to modify "sni" option, to specify client-side 
SNI name in a client-mode section ("client = yes").

> I am trying to run multiple independent services over the same port
> there is no DNS infrastructure in place, so those server names
> would be random strings not refering to anything.

You don't really need DNS for this.
You could also specify your names in /etc/hosts on your client.


More information about the stunnel-users mailing list