Index: doc/tls.html ================================================================== --- doc/tls.html +++ doc/tls.html @@ -181,11 +181,13 @@ command options with one additional option. It returns the channel handle id for the new socket.

-autoservername bool

If true, automatically set the -servername argument to the -host argument. Default is false.

+host argument. Prior to TclTLS 2.0, the default is false. +Starting in TclTLS 2.0, the default is true unless -servername +is also specified.

tls::socket -server command ?-option? ?value? ?-option value ...? port

Same as previous, but instead creates a server socket for clients to connect to just like the Tcl socket -server command. It returns the channel handle id for the new socket.
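Review bot: In the -autoservername description, "the default is true unless -servername is also specified" makes the default depend on another option and leaves open what happens when the caller passes -autoservername explicitly. The library/tls.tcl hunk in this patch applies the host fallback only when neither -autoservername nor -servername is present in the arguments, so passing -autoservername at all skips the new fallback. Suggest wording the text around that condition, for example "If neither -autoservername nor -servername is given, -servername is set to host", and applying the same wording to the matching hunks in doc/tls.man and doc/tls.n.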

@@ -278,13 +280,14 @@ only accept cipher suites that provide forward secrecy.

-server bool

Specifies whether to act as a server and respond with a server handshake when a client connects and provides a client handshake. The default is false.

-servername hostname
-

Specify the peer's hostname. This is used to set the TLS Server Name -Indication (SNI) extension. Set this to the expected servername in the -server's certificate or one of the Subject Alternate Names (SAN).

+

Specify the peer's hostname. This is used to set the TLS Server Name Indication +(SNI) extension. Set this to the expected servername in the server's certificate +or one of the Subject Alternate Names (SAN). Starting in TclTLS 2.0, this will +default to the host for the tls::socket command.

-session_id binary_string

Specifies the session id to resume a session. Not supported yet.

-ssl2 bool

Enable use of SSL v2. The default is false. Note: Recent versions of OpenSSL no longer support SSLv2, so this may not have any effect. See the Index: doc/tls.man ================================================================== --- doc/tls.man +++ doc/tls.man @@ -50,11 +50,13 @@ [list_begin options] [opt_def -autoservername [arg bool]] If [const true], automatically set the [option -servername] argument to the -[emph host] argument. Default is [const false]. +[emph host] argument. Prior to TclTLS 2.0, the default is [const false]. +Starting in TclTLS 2.0, the default is [const true] unless [option -servername] +is also specified. [list_end] [call [cmd tls::socket] [option -server] [arg command] [opt [arg -option]] [opt [arg value]] [opt [arg "-option value ..."]] [arg port]] @@ -173,13 +175,14 @@ [opt_def -server [arg bool]] Specifies whether to act as a server and respond with a server handshake when a client connects and provides a client handshake. The default is [const false]. [opt_def -servername [arg hostname]] -Specify the peer's hostname. This is used to set the TLS Server Name -Indication (SNI) extension. Set this to the expected servername in the -server's certificate or one of the Subject Alternate Names (SAN). +Specify the peer's hostname. This is used to set the TLS Server Name Indication +(SNI) extension. Set this to the expected servername in the server's certificate +or one of the Subject Alternate Names (SAN). Starting in TclTLS 2.0, this will +default to the host for the [cmd tls::socket] command. [opt_def -session_id [arg binary_string]] Specifies the session id to resume a session. Not supported yet. [opt_def -ssl2 [arg bool]] Index: doc/tls.n ================================================================== --- doc/tls.n +++ doc/tls.n 
@@ -331,11 +331,13 @@ for the new socket\&. .RS .TP \fB-autoservername\fR \fIbool\fR If \fBtrue\fR, automatically set the \fB-servername\fR argument to the -\fIhost\fR argument\&. Default is \fBfalse\fR\&. +\fIhost\fR argument\&. Prior to TclTLS 2\&.0, the default is \fBfalse\fR\&. +Starting in TclTLS 2\&.0, the default is \fBtrue\fR unless \fB-servername\fR +is also specified\&. .RE .TP \fBtls::socket\fR \fB-server\fR \fIcommand\fR ?\fI-option\fR? ?\fIvalue\fR? ?\fI-option value \&.\&.\&.\fR? \fIport\fR Same as previous, but instead creates a server socket for clients to connect to just like the Tcl \fBsocket -server\fR command\&. It returns the channel @@ -450,13 +452,14 @@ \fB-server\fR \fIbool\fR Specifies whether to act as a server and respond with a server handshake when a client connects and provides a client handshake\&. The default is \fBfalse\fR\&. .TP \fB-servername\fR \fIhostname\fR -Specify the peer's hostname\&. This is used to set the TLS Server Name -Indication (SNI) extension\&. Set this to the expected servername in the -server's certificate or one of the Subject Alternate Names (SAN)\&. +Specify the peer's hostname\&. This is used to set the TLS Server Name Indication +(SNI) extension\&. Set this to the expected servername in the server's certificate +or one of the Subject Alternate Names (SAN)\&. Starting in TclTLS 2\&.0, this will +default to the host for the \fBtls::socket\fR command\&. .TP \fB-session_id\fR \fIbinary_string\fR Specifies the session id to resume a session\&. Not supported yet\&. .TP \fB-ssl2\fR \fIbool\fR Index: library/tls.tcl ================================================================== --- library/tls.tcl +++ library/tls.tcl 
@@ -263,10 +263,17 @@ if {![info exists argsArray(-servername)]} { set argsArray(-servername) $host lappend iopts -servername $host } } + + # Use host as SNI server name without -autoservername and -servername args + if {![info exists argsArray(-autoservername)] && + ![info exists argsArray(-servername)]} { + set argsArray(-servername) $host + lappend iopts -servername $host + } lappend sopts $host $port } # # Create TCP/IP socket
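Review bot: The added fallback in library/tls.tcl copies $host into -servername with no check on what $host is, so a caller that connects by IP address and passes neither option will now send that address literal as the SNI name, which RFC 6066 does not permit in the HostName field. Consider skipping the fallback when $host is an IPv4 or IPv6 literal, and say so in the -servername documentation. The body also repeats the two statements of the context block directly above it (set argsArray(-servername) $host and lappend iopts -servername $host); folding the new condition into that block would keep the two paths from drifting apart.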