Fair enough. Done in r1841455.
> Am 20.09.2018 um 11:53 schrieb Plüm, Rüdiger, Vodafone Group
> <ruediger.pl...@vodafone.com>:
>
> Correct, but the issue is that as an admin you do not always get the error
> page that a client sees and you have to search for the cause without.
> Especially in this case as non SNI clients are often not browsers but non
> interactive programs.
>
> Regards
>
> Rüdiger
>
>> -----Ursprüngliche Nachricht-----
>> Von: Stefan Eissing <stefan.eiss...@greenbytes.de>
>> Gesendet: Donnerstag, 20. September 2018 11:46
>> An: dev@httpd.apache.org
>> Betreff: Re: minor nit in mod_ssl
>>
>> I am not opposed. However, there is an explanation added to the request
>> error notes, which normally appears in the 403 response if I am not
>> mistaken?
>>
>> -Stefan
>>
>>> Am 20.09.2018 um 11:40 schrieb Plüm, Rüdiger, Vodafone Group
>> <ruediger.pl...@vodafone.com>:
>>>
>>> Can we have set it to info? Debug is very verbose for SSL just to find
>> out why a HTTP request was replied to with a 403.
>>>
>>> Regards
>>>
>>> Rüdiger
>>>
>>> Von: William A Rowe Jr <wr...@rowe-clan.net>
>>> Gesendet: Montag, 17. September 2018 22:27
>>> An: httpd <dev@httpd.apache.org>
>>> Betreff: Re: minor nit in mod_ssl
>>>
>>> On Mon, Sep 17, 2018 at 2:56 AM Stefan Eissing
>> <stefan.eiss...@greenbytes.de> wrote:
>>>>
>>>> mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when
>> strict_sni_vhost_check is enabled and a request comes in without SNI.
>>>>
>>>> Question: is a downgrade from ERR to INFO/DEBUG backportable or do
>> we consider this a break of compatibility?
>>>
>>>
>>>
>>> On Mon, Sep 17, 2018 at 10:43 AM William A Rowe Jr <wrowe@rowe-
>> clan.net> wrote:
>>>>
>>>> It is entirely appropriate to turn down the volume. That's what
>> module-by-module loglevels are there for.
>>>
>>>
>>> This is the loglevel of typical garbage request streams;
>>>
>>> [Mon Sep 17 11:44:43.036820 2018] [core:debug] [pid 26317:tid
>> 140199172134656] protocol.c(965): (20014)Internal error (specific
>> information not available): [client 127.0.0.1:34974] Failed to read
>> request header line (null)
>>> [Mon Sep 17 11:44:43.036871 2018] [core:debug] [pid 26317:tid
>> 140199172134656] protocol.c(1318): [client127.0.0.1:34974] AH00567:
>> request failed: error reading the headers
>>> [Mon Sep 17 15:24:46.146311 2018] [core:debug] [pid 26413:tid
>> 140199180527360] protocol.c(860): [client127.0.0.1:35330] AH02418: HTTP
>> Request Line; Unrecognized protocol 'HTTP/1.xx' (perhaps whitespace was
>> injected?)
>>>
>>> It seems that TLS missing SNI fits this same debug-level pattern of
>> diagnostics.
>
