Using Server Name Indication (SNI) with wolfSSL

Have you ever wondered how to use SNI with the wolfSSL embedded SSL library? SNI is useful when a server hosts multiple
‘virtual’ servers at a single underlying network address. It may be desirable for clients to provide the name of the server which it is contacting. To enable SNI with wolfSSL you can simply do:

./configure –enable-sni

Using SNI on the client side requires an additional function call, which should be one of the following functions:

wolfSSL_CTX_UseSNI()
wolfSSL_UseSNI()

wolfSSL_CTX_UseSNI() is most recommended when the client contacts the same server multiple times. Setting the SNI extension at the context level will enable the SNI usage in all SSL objects created from that same context from the moment of the call forward.

wolfSSL_UseSNI() will enable SNI usage for one SSL object only, so it is recommended to use this function when the server name changes between sessions.

On the server side one of the same function calls is required. Since the wolfSSL server doesn`t host multiple `virtual` servers, the SNI usage is useful when the termination of the connection is desired in the case of SNI mismatch. In this scenario, wolfSSL_CTX_UseSNI() will be more efficient, as the server will set it only once per context creating all subsequent SSL objects with SNI from that same context.

If you have any questions about using SNI with TLS please let us know at facts@wolfssl.com.