if a developer would like to add some
more information/parameters for his
SSL communication/handshaking, where
does the parameter should be located?
RFC 3546 'Transport Layer Security (TLS) Extensions' is the only defined way to add additional parameters to the SSL/TLS handshake.
You can add your extension to the Client Hello message. If the server recognizes it, it can respond with a corresponding extension on the Server Hello message. The server cannot send it unless it was requested, however.
is it inside the code for http header
or is it creating a new extension for
TLS like the server name
indication(SNI)?
It has nothing to do with HTTP. The SSL/TLS handshake is over before HTTP even begins.
I have looked into the code and RFC
for SNI but seems does not get any
clues?
Look at RFC 3546 for the extension format. The IANA manages the extension numbers.
http://www.iana.org/assignments/tls-extensiontype-values/
Note that there is no 'experimental' range for you to use. IMHO what you do over your own ports is your own business, but be aware of the possibility of conflict in the future.
Does adding more parameters to the
handshaking process will disturb the
current implementation?
Some SSLv3 and older TLS 1.0 servers will hang up on you if you send an extension they don't like. Major web browsers implement fallback reconnect logic without extensions.
will it broke the standard?
If your extension follows the general format for extensions defined in RFC 3546, the only (modern) standard you are breaking is that you are not using an IANA-blessed extension ID number. If your extension is generally useful, you should strongly consider submitting it for formal standardization.