Support SNI for HTTPClient

Question

Support SNI for HTTPClient

mura-admin opened this issue 6 years ago · 3 comments

Currently any host that requires SNI will currently fail on TLS negotiation. i.e. most hosts that are behind Cloudflare: https://support.cloudflare.com/hc/en-us/articles/204144518-SSL-FAQ

Given that a large part of the web is now behind shared protected edge services this seems like a much needed feature.

Will submit a pull request with my solution.

Answer 1 · 2018-10-15T20:56:08.000Z

Hi @mura-admin! Could you please clarify where in the chain of events this happens? I have numerous Vapor hosts behind Cloudflare utilizing SNI certs and I've never encountered any problems with direct web connections to those hosts or inter-host communication. Just want to better wrap my head around what you're describing :)

Answer 2 · 2018-10-15T21:30:04.000Z

I'm referring specifically to HTTPClient.connect and HTTPClient.upgrade in this codebase. Accessing from a browser isn't an issue as SNI is supported in all modern browsers.

I've just finished a pull request there so will post it now.

Answer 3 · 2018-10-15T21:30:35.000Z

Awesome! Thanks for your work on this.