https://issues.apache.org/bugzilla/show_bug.cgi?id=55782
--- Comment #5 from Kaspar Brand <[email protected]> --- (In reply to Andre W. from comment #4) > I did the test by multiple ways, via jMeter or browser and everytime i > called the frontend-server with the same URL, also the misleading failures > were gone after i disabled TSL 1.2 for the backend communication. If disabling TLSv1.2 (as opposed to TLSv1 or TLSv1.1) makes the issue disappear, then it's probably not strictly related to SNI. > I'm also aware about the topic/bug of "SSLProxyCheckPeerCN / > ProxyPreserveHost" and we definitly don't have such an option running, also > this is not the problem in that case. In your original report (from 15 November), you're quoting from your "first apache" configuration, which includes "ProxyPreserveHost On", so I wonder why you're now saying that you "definitly don't have such an option running". The fact that "localhost" is put into the SNI extension for connections going to the backend is basically due to the following code: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c?revision=1497470&view=markup#l2028 (To confirm what mod_ssl puts into the SNI extension, set the LogLevel to debug - see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c?revision=1501712&view=markup#l1074) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
