OpenSSL
SleepingLion, 2013-10-25 22:39:48

SNI header encryption?

Good time of the day.
There is such a wonderful thing as SNI - an extension of TLS that adds the ability for the server to understand what kind of SSL certificate they want from it.
At the beginning of communication, before STARTTLS, the client sends the name of the certificate for the connection to the server. Question: Is the server name transmitted before STARTTLS encrypted? If so, how?
I would be glad for any information about this, especially an indication of the specification, where this is described.


2 answer(s)
merlin-vrn, 2013-10-26
@SleepingLion

But why are you asking? Wireshark to the rescue.
Hint - no, it's not encrypted. The hostname is transmitted in clear text, because at this stage it is not yet known how to encrypt it. Moreover, it is transmitted in the clear several times, for example, as part of the host certificate (in which it is stored in the cn field).

SleepingLion, 2013-10-27
@SleepingLion

For some reason, it seemed that TLS deals with RSA (PKCS and all that) and this will not be in the RFC. My bad. Gone to read.
