On Thu, May 24, 2018 at 2:08 PM, Stefan Eissing <[email protected]> wrote: > > >> Am 24.05.2018 um 14:07 schrieb Yann Ylavic <[email protected]>: >> >> On Thu, May 24, 2018 at 1:57 PM, Stefan Eissing >> <[email protected]> wrote: >>> >>>> Am 24.05.2018 um 13:51 schrieb Yann Ylavic <[email protected]>: >>>> >>>> That'd work (and looks better than Stefan's SNI oriented proposal), >>>> but I wish we had something working for non-SSL vhosts too, >>>> UseDefaultVHost OFF|ON? >>> >>> Could work also, if this means that SSL connections with SNI are then >>> aborted right away. >> >> Yes, I think that mod_ssl could handle the OFF case earlier, depending >> on SNI vs vhost's ServerName/Alias. >> >>> As explained, I do want such hosts to simply not >>> work with https:, and avoid a "not secure" warning first. >> >> Yes SSL is special, the "plain" case is worth it too IMHO (checked >> elsewhere, but still based on the same directive). > > Agreed.
The "plain" case would probably also catch mismatching SSL vhosts with non-SNI clients.
