ISTR that the RFC about SNI forbids port numbers (I find it
unfortunate as a matter of fact, given that host names may contain
Just to say that normalization may come with ports handling/relaxing
in several places, which I support!

On Wed, Apr 11, 2018 at 11:52 AM, Plüm, Rüdiger, Vodafone Group
<> wrote:
> I guess this makes sense to avoid these kind of issues.
> Regards
> Rüdiger
>> -----Ursprüngliche Nachricht-----
>> Von: Stefan Eissing []
>> Gesendet: Mittwoch, 11. April 2018 11:49
>> An:
>> Betreff: SNI normalization?
>> Feedback desired:
>> Checking my server logs, I regularly see clients using SNI with port
>> identifier,
>> as in:
>> I am not sure what client that is, but we do not identify the vhost that
>> is
>> (probably) intended. Then the request comes in, and there we have magic
>> that
>> finds the correct r->server. Then we mod_ssl sees that sslconn->server
>> != r->server
>> and does some compatibility checks. If the base server and vhost have
>> incompatible
>> settings (e.g. other certs/ciphers etc.), the request fails.
>> This seems to be wrong. Do we need the same normalization that we have
>> in Host: header
>> parsing in SNI?
>> -Stefan

Reply via email to