I had the effect that when a socket was determined to be dead, the SNI was cleared and a new connection was made without any SNI. So, I save the first ssl_hostname I see and set that on every new connection.
> Am 09.02.2016 um 15:42 schrieb Yann Ylavic <ylavic....@gmail.com>: > > On Mon, Feb 8, 2016 at 6:07 PM, Stefan Eissing > <stefan.eiss...@greenbytes.de> wrote: >> >> One thing: the ssl_hostname that is used for SNI by the generic proxy utils >> seems to get lost when the socket needs to reset and is then not available >> on the next connect. That should affect mod_proxy_http as far as I can tell. >> Maybe someone with more experience in that module wants to take a look. > > This is intended (for http/1 at least), why is it an issue? > When mod_proxy closes the backend connection, it indeed clears any > associated SNI. > But it sets the SNI for any new connection, based on the Host > requested on that connection. > Keep in mind that with "ProxyPreserveHost on" the requested Host may > be the one given by the client, which may hence differ for each > request (mod_proxy won't reuse a connection with a different SNI than > the Host it requests).
