SNI (Server Name Indication) works with TLS 1.2 but is rejected by the server on TLS 1.0


Here is the Wireshark output:

1) TLS v1.0, the server raises an unsupported extension (110) alert:

2) TLS v1.2 works fine, as expected:

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 78
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 74
        Version: TLS 1.2 (0x0303)
        Random
        Session ID Length: 0
        Cipher Suites Length: 8
        Cipher Suites (4 suites)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 25
        Extension: server_name
            Type: server_name (0x0000)
            Length: 21
            Server Name Indication extension
                Server Name list length: 19
                Server Name Type: host_name (0)
                Server Name length: 16
                Server Name: www.google.co.uk

TLSv1.2 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 85
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 81
        Version: TLS 1.2 (0x0303)
        Random
        Session ID Length: 32
        Session ID: c702788e7eaea1da30876968caedd785819c304da7e08bde...
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
        Compression Method: null (0)
        Extensions Length: 9
        Extension: renegotiation_info
            Type: renegotiation_info (0xff01)
            Length: 1
            Renegotiation Info extension
        Extension: server_name
            Type: server_name (0x0000)
            Length: 0

TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 4
    Handshake Protocol: Server Hello Done
        Handshake Type: Server Hello Done (14)
        Length: 0

TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 262
    Handshake Protocol: Client Key Exchange
        Handshake Type: Client Key Exchange (16)
        Length: 258
        RSA Encrypted PreMaster Secret
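It then goes on to complete the handshake successfully.

I know SNI was introduced after the TLS v1.0 RFC, but from my reading, that should not prevent SNI from working over v1.0.

[Before anyone suggests just updating to TLS v1.2 - I would be happy to, but I am constrained by space/memory limits on the old client at the moment.
For reference, this is a .NET Compact Framework client running on Windows CE.]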

It turned out to be a bug in the [older] BouncyCastle C# port, fixed in the latest BC release.
Thanks to Steffen Ullrich.

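Are you sure the alert is generated by the server and not by the client? It is very unusual for such an alert to be sent after Server Hello Done and before the client sends any new message. Apart from that, I have no problem accessing google.co.uk with OpenSSL using SNI, TLS 1.0 and the same ciphers.

@SteffenUllrich Yes, OpenSSL works fine. I will revise the TLS client code, thanks for the hint. This is the C# port of BouncyCastle, by the way.

Is the problem solved? If so, please tick the check mark so that it turns green, marking it as solved.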
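The check a TLS client applies to ServerHello extensions, as an added Python example (not code from the question, the answers or BouncyCastle): per RFC 5246 section 7.4.1.4, alert 110 is warranted only when the server returns an extension the client did not offer. Function names are hypothetical, and the byte strings are constructed from the dissected field values in the capture, not copied from the wire.

```python
import struct

UNSUPPORTED_EXTENSION = 110      # alert number quoted in the question
EXT_SERVER_NAME = 0x0000
EXT_RENEGOTIATION_INFO = 0xFF01
SCSV = 0x00FF                    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV

def parse_extensions(block):
    """Split an extensions block (after its 2-byte length) into {type: body}."""
    out, pos = {}, 0
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if pos + ext_len > len(block):
            raise ValueError("extension body overruns block")
        out[ext_type] = block[pos:pos + ext_len]
        pos += ext_len
    return out

def sni_host(body):
    """Decode a single host_name entry from a ClientHello server_name body."""
    list_len, name_type, name_len = struct.unpack_from("!HBH", body, 0)
    if name_type != 0 or list_len != name_len + 3 or len(body) != list_len + 2:
        raise ValueError("unexpected server_name layout")
    return body[5:5 + name_len].decode("ascii")

def check_server_hello(client_exts, client_suites, server_exts):
    """Return None if every server extension was offered, else the alert number."""
    offered = set(client_exts)
    if SCSV in client_suites:
        # RFC 5746: offering the SCSV lets the server answer with renegotiation_info.
        offered.add(EXT_RENEGOTIATION_INFO)
    for ext_type in server_exts:
        if ext_type not in offered:
            return UNSUPPORTED_EXTENSION
    return None

# Constructed sample input mirroring the capture (25 and 9 bytes of extensions).
_host = b"www.google.co.uk"
_sni = struct.pack("!HBH", len(_host) + 3, 0, len(_host)) + _host
CLIENT_EXT = struct.pack("!HH", EXT_SERVER_NAME, len(_sni)) + _sni
CLIENT_SUITES = [0x0039, 0x0033, 0x002F, 0x00FF]
SERVER_EXT = bytes.fromhex("ff01000100" "00000000")  # renegotiation_info, empty server_name

if __name__ == "__main__":
    c, s = parse_extensions(CLIENT_EXT), parse_extensions(SERVER_EXT)
    print(sni_host(c[EXT_SERVER_NAME]), check_server_hello(c, CLIENT_SUITES, s))
```

The check never looks at the protocol version, so the ServerHello shown in the capture passes it whether the handshake is TLS 1.0 or TLS 1.2.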