wolfSSL now sends the correct alert when a TLS 1.3 server requires the Server Name Indication (SNI) extension and the client fails to include it. Previously, the server sent a generic handshake_failure alert; it now sends the missing_extension alert defined by RFC 8446 for exactly this case. TLS 1.2 and earlier keep the existing handshake_failure behavior.
Using the correct alert improves RFC 8446 compliance and makes failures easier to diagnose: clients immediately know a required extension was missing from the ClientHello, rather than digging through a packet capture after a vague handshake failure.
The change applies to servers built with SNI support (--enable-sni or HAVE_SNI) that are configured to require SNI. It was merged in PR #10332, resolves issue #10318, and will be included in the next wolfSSL release.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now

