Hacker News new | ask | show | jobs
by sleevi 1891 days ago
Using (defined) properties of the TLS ClientHello to determine how the server will respond.

For example, changing the certificate used based on the ALPN identity, the SNI server host, and the advertised client ciphersuites.
1 comments
Tobu 1891 days ago
I've been doing this by implementing ResolvesServerCert, which has access to the ClientHello. It covers the acme alpn use case.

Though you can't use it to pick other properties, like making an ALPN protocol conditional on SNI.

link