We have enabled logging, and in comparing a working session to a broken session, the one difference we see is the line that says "ssl: SNI disabled by default" on the broken version. We were looking through the source code, and it looks like this message will appear if WinSCP thinks that the host being passed in is an IP address - however we are not passing an IP, we are only passing a hostname.
I was curious if anyone had ever run into a similar issue, where SNI is being incorrectly disabled, and if there are any suggestions on how to work around it.
We have seen the same error regardless of whether we test with the .NET library, via PowerShell (by loading the WinSCP.DLL), or by calling the WinSCP.com - such as with the following example:
winscp.com /console /username=bob /password=bobspassword /script=myscript.txt davs://mywebdave.site.com/dav
I have attached the session log for reference as well. Again, it seems that the NE_SESSFLAG_TLS_SNI flag is not getting set for some reason, which is causing the hostname to not be passed, resulting in the SSL handshake. But I am not sure why this is happening, or how to work around it.