ISTR that the RFC about SNI forbids port numbers (I find it
unfortunate as a matter of fact, given that host names may contain
Just to say that normalization may come with ports handling/relaxing
in several places, which I support!
On Wed, Apr 11, 2018 at 11:52 AM, Plüm, Rüdiger, Vodafone Group
> I guess this makes sense to avoid these kinds of issues.
>> -----Original Message-----
>> From: Stefan Eissing [mailto:stefan.eiss...@greenbytes.de]
>> Sent: Wednesday, 11 April 2018 11:49
>> To: firstname.lastname@example.org
>> Subject: SNI normalization?
>> Feedback desired:
>> Checking my server logs, I regularly see clients using SNI with port
>> as in: test.example.org:443
>> I am not sure what client that is, but we do not identify the vhost that
>> (probably) intended. Then the request comes in, and there we have magic
>> finds the correct r->server. Then we mod_ssl sees that sslconn->server
>> != r->server
>> and does some compatibility checks. If the base server and vhost have
>> settings (e.g. other certs/ciphers etc.), the request fails.
>> This seems to be wrong. Do we need the same normalization that we have
>> in Host: header
>> parsing in SNI?
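
The normalization asked about above, sketched as an added example (not httpd or mod_ssl code, and not part of the thread): the SNI value and the Host: header go through the same routine before they are compared. The function names `normalize_host` and `sni_matches_host` are hypothetical, and the accepted character set is an assumed policy.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Normalize a host name taken from SNI or a Host: header into out:
 * drop one optional ":port" suffix, lowercase, drop one trailing dot.
 * Returns 0 on success, -1 if the value should be rejected. */
int normalize_host(const char *in, char *out, size_t outlen)
{
    size_t len = strlen(in);
    const char *colon = strrchr(in, ':');

    if (colon != NULL) {
        const char *p = colon + 1;
        /* Only a non-empty, all-digit suffix counts as a port. */
        if (*p == '\0')
            return -1;
        for (; *p != '\0'; p++)
            if (!isdigit((unsigned char)*p))
                return -1;
        len = (size_t)(colon - in);
    }
    if (len > 0 && in[len - 1] == '.')
        len--;                      /* "example.org." == "example.org" */
    if (len == 0 || len >= outlen)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        /* Assumed policy: letters, digits, '-' and '.' only, so a second
         * colon, brackets, spaces or control bytes are rejected. */
        if (!isalnum(c) && c != '-' && c != '.')
            return -1;
        out[i] = (char)tolower(c);
    }
    out[len] = '\0';
    return 0;
}

/* 1 if SNI and Host: name the same vhost after normalization, else 0. */
int sni_matches_host(const char *sni, const char *host)
{
    char a[256], b[256];

    if (normalize_host(sni, a, sizeof a) != 0 ||
        normalize_host(host, b, sizeof b) != 0)
        return 0;
    return strcmp(a, b) == 0;
}
```

With this, the SNI value `test.example.org:443` from the log line above and a Host: header of `test.example.org` compare equal, while a value that fails normalization never matches any vhost.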