[Swan] Intermittent download.libreswan.org certificate hostname mismatch

Tuomo Soini tis at foobar.fi
Tue Apr 25 15:50:22 UTC 2017


On Sun, 23 Apr 2017 21:00:49 +0300
Tuomo Soini <tis at foobar.fi> wrote:

> > This seems like the wrong take-away. I agree that SNI support is 
> > important, but I'd also expect if the project decides to take this 
> > hard-line stance on SNI client support that it be done consistently
> > so 100% of requests without SNI fail.
> 
> No. We go without the SNI requirement as far as we can. There are several
> systems in our infrastructure and there is no simple way to go without
> the SNI requirement on the Finland server. This is the result of careful
> planning, not just random configuration.

I did some experiments and managed to get https://download.libreswan.org
to work without SNI.

But that only means https://libreswan.org/ requires SNI to work, which
was why we didn't want to do this before. But as all real browsers
nowadays do support SNI, this might be a better way around.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
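
Added example (not part of the original message or of the libreswan project's tooling): a Python check that fetches the certificate a server presents with and without SNI and reports whether a hostname still verifies for non-SNI clients, the trade-off described in the message above. The sample certificate dicts are constructed and the function names are this example's own.

```python
import socket
import ssl
import sys

# Constructed getpeercert()-style samples, not the real certificates.
SAMPLE_DEFAULT = {"subjectAltName": (("DNS", "download.libreswan.org"),)}
SAMPLE_SITE = {"subjectAltName": (("DNS", "libreswan.org"), ("DNS", "www.libreswan.org"))}

def name_matches(hostname, pattern):
    """RFC 6125 style match: a wildcard is only honoured as the whole left-most label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    # "*.example.org" covers exactly one extra label, never the bare domain.
    head, _, rest = host.partition(".")
    return bool(head) and rest == pat[2:]

def covers(hostname, cert):
    """True if any DNS subjectAltName in the certificate dict matches hostname."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(hostname, san) for san in sans)

def fetch_cert(hostname, port=443, send_sni=True, timeout=10):
    """Return the chain-validated leaf certificate the server presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the name is compared by covers() instead
    sni = hostname if send_sni else None  # None: no SNI extension is sent
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

def classify(hostname, cert_with_sni, cert_without_sni):
    """Say which clients can verify hostname against what the server hands out."""
    with_ok = covers(hostname, cert_with_sni)
    without_ok = covers(hostname, cert_without_sni)
    if with_ok and without_ok:
        return "ok for all clients"
    if with_ok:
        return "requires SNI"
    return "mismatch even with SNI"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live probe of the host given on the command line
        host = sys.argv[1]
        print(host, classify(host, fetch_cert(host), fetch_cert(host, send_sni=False)))
    else:  # offline run on the constructed samples
        print("libreswan.org", classify("libreswan.org", SAMPLE_SITE, SAMPLE_DEFAULT))
```

If a server refuses the handshake for clients that send no SNI, `fetch_cert(..., send_sni=False)` raises `ssl.SSLError` instead of returning a certificate.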

