--- Comment #17 from Yann Ylavic <> ---
Is it still reproducible with latest 2.4 (2.4.23)?

The SNI string is not compared directly with the Host header anymore, and the
decision to block the request (now with status 421) is solely based on the
compatibility (TLS configuration/parameters wise) of the vhost selected from
the handshake (based on the SNI) and the one finally selected from the request
(based on the Host header).

Both selections compare with the ServerName/ServerAlias(es) declared in the
configuration, so it's up to admin to use a FQDN, or not, or both (one as
Servername, the other as ServerAlias).

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to