It appears the OS X shell can provide Session IDs in its TLS 1.2 handshake, which enable session resumption. This might interact with the server's understanding of SNIs.
OpenSSL's SSL_get_servername method extracts the SNI for us, and is defined by the documentation to behave thus:
On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur
The function will return the servername requested by the client in this handshake or NULL if none was requested.
So, after accepting a connection attempt, SSL_get_servername will return the name the client requested. But later:
On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred
If a servername was accepted by the server in the original handshake then it will return that servername, or NULL otherwise.
This means that OpenSSL ignores the second connection attempt's advertised SNI, in favor of the original... if the original connection's SNI was "accepted". SNIs can be accepted in an application provided callback, which we don't set. We probably need to define a callback to accept the client's SNI, so that we consistently see an SNI across all connections, whether or not they are resumed.
This can be done by using the SSL_CTX_set_tlsext_servername_callback function.
- is duplicated by
-
SERVER-50436 MongoDB split horizons doesn't seem work properly
- Closed