Name

HTTH-929 — Skipping SNI inspection in unknown protocol

Severity

N (notify)

Message text

Skipping SNI inspection in unknown protocol, first 2 bytes are 0x%x%x, expected 0x1603

Description

SNI inspection expects the request data to be a ClientHello of SSLv3 or TLS 1.0 and higher, which is indicated by the first 2 bytes of the message. Value 0x16 of the first byte means ClientHello and value 0x03 of the second byte means that the protocol version is SSLv3 or TLS 1.0 or higher. When the first 2 bytes differ from these values, an unknown protocol is assumed and SNI inspection is skipped; the server IP address is then used in ACL matching instead of the hostname from the SNI inspection. The URI is also left unchanged.

See also

logging(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.