
Set ServerName (SNI).

Open ip-rw opened this issue 2 years ago • 4 comments

I think there's a pretty strong argument for setting the ServerName (SNI) to the value of --hostname.

It's pretty much standard to set the ServerName in the TLS ClientHello when a hostname is requested. Regardless, being able to set the SNI is something that's been requested a few times.

The changes are straightforward, won't require a new command line switch and don't appear to be beyond the scope of things (especially seeing as we have --hostname already)

I've submitted a pull request here: https://github.com/jpillora/chisel/pull/376

ip-rw avatar Aug 26 '22 19:08 ip-rw

I would consider this as a bug actually, just based on how I expect an https stack to work.

But I think we should add a separate switch to manually override the SNI again. So domain fronting will still be possible.

clerie avatar Sep 28 '22 20:09 clerie

> I would consider this as a bug actually, just based on how I expect an https stack to work.

Yes I rather agree.

> But I think we should add a separate switch to manually override the SNI again. So domain fronting will still be possible.

Have updated my fork:

--sni, Override the ServerName when using TLS (defaults to the hostname).

ip-rw avatar Oct 11 '22 11:10 ip-rw

Great, thank you. Let's hope it gets upstreamed soon!

clerie avatar Oct 11 '22 20:10 clerie

Merged, I just need to release, though I want to release with Go 1.19 but need to fix tests https://github.com/jpillora/chisel/issues/390

jpillora avatar Oct 31 '22 05:10 jpillora
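
What a TLS-terminating server sees when the SNI follows the hostname versus when the two are set independently, as an added Go example that is not chisel's code or part of the thread: a local test server records the ClientHello ServerName next to the HTTP Host header and flags a mismatch. The names are constructed; `example.com` is used as the SNI because it is a name covered by the built-in certificate of Go's `httptest` server.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Observation is what the server saw for one request.
type Observation struct {
	SNI, Host string
	Mismatch  bool
}

// observe sends one request to a throwaway local HTTPS server with the given SNI and Host header.
func observe(sni, host string) (Observation, error) {
	seen := make(chan Observation, 1)
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// r.TLS.ServerName is the SNI from the ClientHello; r.Host is the Host header.
		// A production check would also strip any ":port" from r.Host before comparing.
		seen <- Observation{r.TLS.ServerName, r.Host, !strings.EqualFold(r.TLS.ServerName, r.Host)}
	}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only the test server's certificate
	client := &http.Client{Transport: &http.Transport{
		// ServerName is sent as SNI and is also the name the certificate is verified against.
		TLSClientConfig: &tls.Config{ServerName: sni, RootCAs: pool},
	}}
	req, err := http.NewRequest(http.MethodGet, srv.URL, nil)
	if err != nil {
		return Observation{}, err
	}
	req.Host = host // Host header, set independently of the SNI
	resp, err := client.Do(req)
	if err != nil {
		return Observation{}, err
	}
	resp.Body.Close()
	return <-seen, nil
}

func main() {
	o, err := observe("example.com", "other.example.net") // constructed sample names
	fmt.Printf("%+v err=%v\n", o, err)
}
```

Because the client verifies the certificate against `ServerName`, an SNI the certificate does not cover makes the handshake fail before any Host header is sent.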