Tls-sni-01 or tls-sni-02 to support now?

Neilpang · June 16, 2016, 3:31pm

I just found the in the spec is tls-sni-02 .

ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md

---
title: "Automatic Certificate Management Environment (ACME)"
abbrev: ACME
docname: draft-ietf-acme-acme-latest
category: std
workgroup: ACME Working Group
ipr: trust200902

stand_alone: yes
pi: [toc, sortrefs, symrefs]

author:
 -
    ins: R. Barnes
    name: Richard Barnes
    org: Cisco
    email: rlb@ipv.sx
 -
    ins: J. Hoffman-Andrews
    name: Jacob Hoffman-Andrews

This file has been truncated. show original

But the Letsencrypt server responses tls-sni-01 to me?

Does it mean that LetsEncrypt will soon update to support tls-sni-02 ?

What is the timeline ?

And where to find the tls-sni-01 spec ?

Thanks.

pfg · June 16, 2016, 6:34pm

Boulder currently implements the acme-01 draft, which only has TLS-SNI-01.

I think the plan is to keep https://acme-v01.api.letsencrypt.org/directory on acme-01 to preserve backwards compatibility, and run future versions of acme on something like https://acme-v02.api.letsencrypt.org/directory once the changes are implemented.

Neilpang · June 17, 2016, 2:51am

Thanks for your answer.
Got it.

schoen · June 17, 2016, 9:41pm

@Neilpang, congratulations on News! acme.sh now supports tls-sni-01 validation!!

Neilpang · June 18, 2016, 3:27am

Hi, @schoen
Thanks.

pfg · February 15, 2017, 3:08pm

A post was split to a new topic: Concerns about tls-sni-01

ahaw021 · April 20, 2017, 4:33am

Hi @pfg

Any updates on this?

Are there any advantages of TLS-SNI-02 over TLS-SIN-01

Andrei