The original TLS handshake was too rigid for the modern web. As we moved toward hosting thousands of websites on a single IP address (Virtual Hosting) and using multiple protocols (HTTP/2, HTTP/3), we needed a way to add metadata to the handshake without breaking the core protocol.
In the early days, one IP address equaled one SSL certificate. But modern servers host many domains on one IP. Since the server needs to present the *correct* certificate, but the certificate is sent *after* the handshake starts, we have a 'chicken and egg' problem. SNI solves this by allowing the client to include the hostname (e.g., `api.vulnarex.com`) in the cleartext `ClientHello`.
💡 Without SNI, the server would just send the 'Default' certificate, which would cause a 'Hostname Mismatch' error in the browser.
The `-servername` flag tells OpenSSL to send the SNI extension. If you omit it, the server may send the wrong certificate or terminate the connection.
ALPN allows the client and server to negotiate which protocol will be used *inside* the encrypted tunnel. Instead of doing a TLS handshake and then sending an HTTP 'Upgrade' header, the client lists its preferences (e.g., `h2`, `http/1.1`) in the `ClientHello`. The server picks one, and they immediately start communicating using that protocol.
⚠️ Misconfigured ALPN can lead to 'Protocol Mismatch' errors where a browser expects HTTP/2 but the server only speaks HTTP/1.1, causing a slow or failed page load.
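The SNI and ALPN passages above, as an added example that is not part of the original page: Python's `ssl` module builds a ClientHello in memory with no network connection, and a small parser reads the hostname and protocol list back out of the raw bytes, showing that both travel in cleartext. The function names are illustrative, and the parser assumes the whole ClientHello fits in one TLS record.

```python
import ssl
import struct

def build_client_hello(hostname, alpn):
    """Generate a real ClientHello offline via in-memory BIOs (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = hostname is not None   # only so the no-SNI case can be built
    ctx.set_alpn_protocols(alpn)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                                    # client now waits for a ServerHello
    return outgoing.read()

def parse_client_hello(record):
    """Return (sni, alpn) from a ClientHello that fits in a single TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    try:
        pos = 5 + 4 + 2 + 32                    # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                  # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
        pos += 1 + record[pos]                  # compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        sni, alpn = None, []
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            body = record[pos + 4 : pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == 0:                   # server_name: list_len, type, name_len, name
                name_len = struct.unpack_from("!H", body, 3)[0]
                sni = body[5 : 5 + name_len].decode("ascii")
            elif ext_type == 16:                # ALPN: list_len, then (len, name) entries
                i = 2
                while i < len(body):
                    alpn.append(body[i + 1 : i + 1 + body[i]].decode("ascii"))
                    i += 1 + body[i]
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc
    return sni, alpn

if __name__ == "__main__":
    hello = build_client_hello("api.vulnarex.com", ["h2", "http/1.1"])
    print(parse_client_hello(hello))            # hostname and ALPN list, read from cleartext
    print(parse_client_hello(build_client_hello(None, ["h2"])))  # no hostname: no SNI sent
```

The same parser works on a ClientHello record taken from a packet capture, which is how passive monitoring tools see the requested hostname even though the rest of the session is encrypted.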
| Extension | Purpose | Handshake Phase | Failure Result |
|---|---|---|---|
| SNI | Specify Hostname | Client Hello | Certificate Mismatch |
| ALPN | Negotiate Protocol | Client/Server Hello | Slow Fallback / Error |
| OCSP Stapling | Cert Validity Check | Server Hello | Browser Warning |
| Session Ticket | Fast Resumption | Server Hello | Slower 2-RTT Handshake |
How does a browser know if a certificate was revoked before its expiry? Normally, it asks the CA (via OCSP). But this is slow and hurts user privacy (the CA learns which sites you are visiting). With OCSP Stapling, the *server* periodically asks the CA for a signed 'proof of validity' and 'staples' it to the certificate during the handshake.
Some high-security environments use 'OCSP Must-Staple', which tells the browser: 'If you don't see a stapled OCSP response, hard-fail the connection'.