I got a question the other day from a customer asking if the remote host name is automatically transmitted by the client as a Server Name Indication hello extension.

Yes it is, in some cases. In Indy10 it is transmitted by the client, provided that you check the TLSServer.Options.VerifyServerName.vsnDNS option. This options will cause the client both to send the SNI hello extension with the host name the client is attempting to connect to, and to verify that the server certificate sent by the replying server has a common name that matches this host name.

The same is true of the Synapse client layer; it only send a SNI if TLSServer.Options.VerifyServerName.vsnDNS is checked. Beware that the TLSServer in this case is the component with its IsGlobalServer property checked.

The RTC SDK client will always send the SNI; even if it is forcibly set not to verify the server certificate common name. The only way to get around this, is to connect to an IP address, instead of a DNS host name.