Record and replay on servers with SNI enabled
Server Name Indication (SNI) is an extension of the TLS protocol in which the client indicates, at the start of the handshake, which hostname it is attempting to connect to. This lets a single server (one IP address and port) hold multiple certificates and present the one that matches the requested hostname. It is often used on cloud servers, such as AmazonCloud.
You can control whether VuGen sends an SNI extension to SSL handshakes using:
`web_set_sockets_option("TLS_SNI", <value>);`
Where:
| Value | Description |
|---|---|
| `"1"` | Default. Enable the extension and send the server name derived from the URL (host name). |
| `"0"` | Disable the extension. Do not send an SNI extension with SSL handshakes. |
| `"<server name>"` | Manually specify the SNI extension value for the next handshake only. |
Additional SNI guidelines
VuGen uses the following guidelines for SSL handshakes:
During recording:
- If SNI support is detected, no special step is added.
- If SNI is not detected, a `web_set_sockets_option("TLS_SNI", "0");` statement is added to the beginning of the script.
During replay:
- When the `<server_name>` option is used, the specified server name is used for the next handshake only. Subsequent handshakes revert to the standard enabled (1) or disabled (0) behavior.
- If no `web_set_sockets_option("TLS_SNI", <value>);` statement exists, or if a `web_set_sockets_option("TLS_SNI", "1");` statement exists, the default SNI extension is sent with each SSL handshake. Therefore, scripts created before this option was supported will run with SNI enabled. To prevent this behavior, add `web_set_sockets_option("TLS_SNI", "0");` to your script.