Adding SNI support to SSH

Damien Miller djm at
Mon Jan 20 19:41:21 AEDT 2020

On Sun, 12 Jan 2020, Nico Schottelius wrote:

> Good morning,
> I was wondering what you think about SNI (server name indication)
> support to OpenSSH?

I think SNI would be problematic because (until very recently) it
requires that clients advertise which host they'd like to connect to in
the clear.

However, ESNI[1] (encrypted SNI) is nearing standardisation and it might
be possible to adapt that protocol for SSH. I'd rather follow something
that has had lots of cryptographic review than cook up something for SSH



More information about the openssh-unix-dev mailing list