Feedback desired:

Checking my server logs, I regularly see clients using SNI with port 
as in:

I am not sure what client that is, but we do not identify the vhost that is
(probably) intended. Then the request comes in, and there we have magic that
finds the correct r->server. Then we mod_ssl sees that sslconn->server != 
and does some compatibility checks. If the base server and vhost have 
settings (e.g. other certs/ciphers etc.), the request fails.

This seems to be wrong. Do we need the same normalization that we have in Host: 
parsing in SNI?


Reply via email to