On 1/23/23 17:12, Bambero wrote:
Hi, This is strange problem probably LibreSSL related. After upgrade OpenBSD to 7.2 windows clients using google chrome browser have problems to connect to apache server. Some requests are served correct, but periodically browser shows NET::CERT_COMMON_NAME_INVALID and in server logs we can see: AH02645: Server name not provided via TLS extension (using default/first virtual host), default There was no problem under 7.1. The problem occurs only when using google chrome browser (not chromium) under windows. I compiled under 7.2 version of apache from 7.1 and from current - didn't help. OpenBSD builtin server works correct. Problem also submitted here: https://bugs.chromium.org/p/chromium/issues/detail?id=1409224
Google analysis pointed to the fact that they recently enabled "Permute TLS extensions" by default in Chrome, is this something we need to implement in LibreSSL ? Regards Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
