[Bug 58026] New: return 421 status code when SNI and Host: header do not match

bugzilla Thu, 11 Jun 2015 08:27:18 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=58026


            Bug ID: 58026
           Summary: return 421 status code when SNI and Host: header do
                    not match
           Product: Apache httpd-2
           Version: 2.4.12
          Hardware: Macintosh
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 32810
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32810&action=edit
sni status code patch for 2.4.x

HTTP/2 clients will aggressively reuse TLS connections when certificates have
matching alt names or wildcards and hosts resolve to the same IP address.

mod_ssl is refusing sich requests with status 400. HTTP/2 introduced the new
421 (Misdirected Request) which clients will recognize and have them open a new
connection with correct SNI name for it.

If the 400 behaviour is left unchanged, h2 clients will fail connections to
vhosts where another connection already exists (and certs allow reuse).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 58026] New: return 421 status code when SNI and Host: header do not match

Reply via email to