Changelog

Client-side SNI support added to TIdSSLIOHandlerSocketOpenSSL

Client-side support for the TLS SNI extension has been added to TIdSSLIOHandlerSocketOpenSSL.

When TIdSSLIOHandlerSocketOpenSSL is making an outbound TLS connection, it now calls SSL_set_tlsext_host_name() to enable SNI. This extension is used on servers that host multiple hostnames on the same IP address. Use of this extension allows the server to know which hostname a client is trying to connect to.

At this time, TIdSSLIOHandlerSocketOpenSSL does not validate the peer’s identity to make sure it has connected to the correct hostname, or implement server-side SNI for inbound connections.