MQTTX icon indicating copy to clipboard operation
MQTTX copied to clipboard
verified publisher icon emqx

怎么禁用SNI扩展。或者让域名通过客户端的SNI验证

Open learner0752 opened this issue 4 months ago • 1 comments

Describe the problem you Confuse

用tls连接部署在阿里云的bifromq服务器时,发现一直失败。抓包查看时客户端发了RST重置。查询原因怀疑是SNI扩展的问题

Image

More detail (optional)

Add any other context or screenshots.

learner0752 avatar Aug 15 '25 03:08 learner0752

Thanks for reporting this issue. After checking the code, I can confirm that MQTTX currently doesn't support configuring SNI (Server Name Indication) options.

MQTTX doesn't expose Node.js TLS options, such as servername or checkServerIdentity, which are necessary to control SNI behavior.

Temporary workarounds:

  1. Try disabling "Reject Unauthorized" in SSL/TLS settings (note: this reduces security)
  2. Check if your server's domain name matches the certificate's CN/SAN fields

We'll consider adding proper SNI configuration options in future versions.

ysfscream avatar Aug 19 '25 02:08 ysfscream