
classification
Title: SSL SNI varies when host contains port number
Type: behavior
Stage:
Components: Library (Lib)
Versions: Python 3.10, Python 3.9
process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: christian.heimes, hexf
Priority: normal
Keywords:

Created on 2021-10-10 13:41 by hexf, last changed 2022-04-11 14:59 by admin.

Files
File name Uploaded Description
test.py hexf, 2021-10-10 13:41 Example script
bpo45423.pcapng christian.heimes, 2021-10-10 14:42
keylog christian.heimes, 2021-10-10 14:42
Messages (2)
msg403586 - Author: Thomas Hobson (hexf) Date: 2021-10-10 13:41
Not entirely sure if this is intended.

When using urllib.request.urlopen, with a hostname and a varying port the SNI information sent differs.
To my understanding, the SNI info shouldn't include the port and should only include the actual host.

Attached is an example script demonstrating the issue, where the only difference between the URLs is adding a port number.
The server it points to is configured to only match "ci.hexf.me".
msg403591 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2021-10-10 14:42
I have tested your assumption with Wireshark. It's not the TLS SNI extension. In both cases the ssl module sends SNI "ci.hexf.me". The issue is likely caused by the HTTP Host header. The Host header contains the port.

I'm attaching the capture and keylog file.
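
Added example, not part of the original messages or of CPython's own code: an offline check of the two values discussed in this thread. It builds the TLS ClientHello in memory (no network traffic) and reads the Host header that urllib's HTTPS handler sets; the helper names and the explicit port 443 in the second URL are assumptions, since the attached test.py is not shown on this page.

```python
import http.client
import ssl
import urllib.request


def sni_from_client_hello(record: bytes) -> str:
    """Extract the server_name (SNI) value from a raw TLS ClientHello record."""
    pos = 5 + 4 + 2 + 32                                    # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                                  # session id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")   # cipher suites
    pos += 1 + record[pos]                                  # compression methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos < end:
        ext_type = int.from_bytes(record[pos:pos + 2], "big")
        ext_len = int.from_bytes(record[pos + 2:pos + 4], "big")
        if ext_type == 0:                                   # server_name extension
            # skip list length (2 bytes) and name type (1 byte), then read the name
            name_len = int.from_bytes(record[pos + 7:pos + 9], "big")
            return record[pos + 9:pos + 9 + name_len].decode("ascii")
        pos += 4 + ext_len
    return ""


def sni_and_host(url: str):
    """Return (SNI in the ClientHello, Host header) for a urllib request to url."""
    req = urllib.request.Request(url)
    handler = urllib.request.HTTPSHandler()
    handler.add_parent(urllib.request.OpenerDirector())
    host_header = handler.https_request(req).get_header("Host")
    # HTTPSConnection splits "host:port"; its .host is what is passed as server_hostname
    conn = http.client.HTTPSConnection(req.host)
    out = ssl.MemoryBIO()
    ctx = ssl.create_default_context()
    tls = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname=conn.host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                                                # ClientHello now sits in `out`
    return sni_from_client_hello(out.read()), host_header


if __name__ == "__main__":
    # Hostname from the thread; the ":443" variant is an assumed reproduction URL.
    for url in ("https://ci.hexf.me/", "https://ci.hexf.me:443/"):
        print(url, sni_and_host(url))
```

A server or reverse proxy that matches virtual hosts on the exact Host value treats these two requests differently even though the SNI is identical.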
History
Date User Action Args
2022-04-11 14:59:51 admin set github: 89586
2021-10-10 14:42:14 christian.heimes set files: + keylog
2021-10-10 14:42:06 christian.heimes set files: + bpo45423.pcapng; assignee: christian.heimes -> ; messages: + msg403591; components: + Library (Lib), - SSL
2021-10-10 13:41:48 hexf create