Menu
▾
▴
Re: [TCLCORE] TCLTLS and SNI for multiple HTTPS target hosts
|
From: Harald O. <har...@el...> - 2025-10-22 06:34:03
|
Alex, TCLTLS 1.7.1 introduced "-autoservername" option. Does this solve your issue? Harald Am 22.10.2025 um 08:26 schrieb Alexander Schöpe via Tcl-Core: > Hi Brian, > > I have a question regarding the use of tcltls in combination with the http package, specifically concerning Server Name Indication (SNI). > > Recently, it seems that some Apache web servers have changed their configuration, and I’m increasingly encountering the 421 Misdirected Request error when making HTTPS requests without explicitly setting the servername field during the TLS handshake. > > The error message is typically something like: > > The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection. > > I’ve been able to work around this issue for a single target server by explicitly registering HTTPS like this: > > http::register https 443 [list ::tls::socket -tls1 1 -servername bla.example.com] > > However, my question is: > What is the recommended approach if I need to contact multiple different HTTPS servers within the same Tcl script? > Since http::register is global for the https scheme, it doesn’t seem possible to dynamically assign the -servername per connection. > > Is there a best practice or suggested workaround – perhaps by creating a custom socket for each http::geturl call with the correct SNI set depending on the target host? > > Any advice would be much appreciated. > > Best > Alex |
