How To Record and Replay on servers with SNI Enabled

Server Name Indication (SNI) is an extension of the TLS protocol in which a client indicates, at the start of the handshake, which hostname it is attempting to connect to. This allows a single server to hold multiple certificates and present the one that matches the requested hostname. It is often used on cloud servers, such as AmazonCloud.

You can control whether VuGen sends an SNI extension in SSL handshakes using:

web_set_sockets_option("TLS_SNI", <value>);

Where:

Value              Description
"1"                Default. Enable the extension and send the server name value derived from the URL (host name).
"0"                Disable the extension. Do not send an SNI extension with SSL handshakes.
"<server name>"    Manually specify the SNI extension value for the next handshake only.


Additional SNI Guidelines

VuGen uses the following guidelines for SSL handshakes:

During recording:

  • If SNI support is detected, no special step is added.
  • If SNI is not detected, a web_set_sockets_option("TLS_SNI", "0"); statement is added to the beginning of the script.

During replay:

  • When the "<server name>" option is used, the specified server name is used for the next handshake only.
    Subsequent handshakes revert to the standard enabled ("1") or disabled ("0") behavior.

  • If no web_set_sockets_option("TLS_SNI", <value>); statement exists, or if a web_set_sockets_option("TLS_SNI", "1"); statement exists, the default SNI extension is sent with each SSL handshake.

    Therefore, scripts created before this option was supported will run with SNI enabled.

    To prevent this behavior, add web_set_sockets_option("TLS_SNI", "0"); to your script.
