How To Record and Replay on servers with SNI Enabled
Server Name Indication (SNI) is an extension of the TLS protocol in which a client indicates, at the start of the handshake, which hostname it is attempting to connect to. This allows a single server to present multiple certificates. It is often used on cloud servers, such as AmazonCloud.
You can control whether VuGen sends an SNI extension with SSL handshakes using the TLS_SNI option of web_set_sockets_option, which takes one of the following values:

| Value | Description |
|---|---|
| "1" | Default. Enable the extension and send the server name value derived from the URL (host name). |
| "0" | Disable the extension. Do not send an SNI extension with SSL handshakes. |
| "<server name>" | Manually specify the SNI extension value for the next handshake only. |
Additional SNI Guidelines
VuGen uses the following guidelines for SSL handshakes:
- If SNI support is detected, no special step is added.
- If SNI is not detected, a statement is added to the beginning of the script.
- If the <server_name> option is used, the specified server name is used for the next handshake only. Subsequent handshakes revert to the standard enabled (1) or disabled (0) behavior.
- If no web_set_sockets_option("TLS_SNI", <value>); statement exists, or if a web_set_sockets_option("TLS_SNI", "1"); statement exists, the default SNI extension is sent with each SSL handshake. Therefore, scripts created prior to support of this option will run with SNI enabled. To prevent this behavior, add web_set_sockets_option("TLS_SNI", "0"); to your script.