How to simulate non-SNI browsers (without SNI support)?

ssl client sni
watery picture watery · Feb 3, 2015 · Viewed 12.5k times · Source

I'm setting up Apache with several distinct SSL certificates for different domains that reside on the same server (and thus sharing the same IP address).

With Qualys SSL Test I discovered that there are clients (i.e. BingBot as of december 2013) that do not support the SNI extension.

So I'm thinking about crafting a special default web application that can gather the requests of such clients, but how can I simulate those clients?

I'm on Windows 8, with no access to Linux boxes, if that matters.

Answer

zakjan picture zakjan · Feb 3, 2015

You can use the most commonly used SSL library, OpenSSL. Windows binaries are available to download.

openssl s_client -connect domain.com:443 command serves very well to test SSL connection from client side. It doesn't support SNI by default. You can append -servername domain.com argument to enable SNI.

Related questions

android webview with client certificate

I tried for days to use a web view with a client certificate embedded in the application, but it seems to me that the android sdk does not provide any way to do it, is there a callback to intercept …

Read More
Client SSL with Self Signed CA not working

I have been struggling with an SSL problem for more than 1 month. We have used openssl to generate our own CA, server and client certificates. We have also enable "SSLrequire" on the Apache web server (in htaccess this may be …

Read More
Python client - SSL lib - certificate verify failed

I'm trying to do a small secure HTTPS client for learning purposes and see how all the mechanics of SSL works on a higher level for now, so i'm trying to convert a simple socket into a ssl via ssl.…

Read More