Adding SNI support to SSH
Damien Miller
djm at mindrot.org
Mon Jan 20 19:41:21 AEDT 2020
On Sun, 12 Jan 2020, Nico Schottelius wrote:
>
> Good morning,
>
> I was wondering what you think about SNI (server name indication)
> support to OpenSSH?
I think SNI would be problematic because (until very recently) it
requires that clients advertise which host they'd like to connect to in
the clear.
However, ESNI[1] (encrypted SNI) is nearing standardisation and it might
be possible to adapt that protocol for SSH. I'd rather follow something
that has had lots of cryptographic review than cook up something for SSH
alone.
-d
[1] https://tools.ietf.org/html/draft-ietf-tls-esni-05
More information about the openssh-unix-dev
mailing list