Hello,
I cannot find how to disable SNI and Renegotiation Indication Extension when connecting to an FTPS site.
The site is an IBM mainframe that does not support TLS 1.2, so I am forcing a TLS 1.1 handshake.
The site works perfectly with RebEx 2015 R4.1, but it does not work with RebEx 2017 R6.3. When I run a Wireshark capture on both connections, the only difference between the two versions is that RebEx 2017 R6.3 is adding the SNI extension to the Client Hello, and the TLSEMPTYRENEGOTIATIONINFOSCSV cipher to the list of cipher suites. (It was originally also adding the elliptical curve ciphers as well as two extensions relating to elliptical curves, but those disappeared when I explicitly disabled elliptical curves using the SslAllowedCurves setting.)
The server immediately disconnects after receiving the Client Hello. I have a feeling that it's the SNI extension, because the older RebEx version did not use any SSL extensions at all.
Is there a way to disable SNI and the Renegotiation Indication Extension so that the new version of RebEx will emulate the old one in the Client Hello?