I guess this makes sense to avoid these kind of issues. Regards
Rüdiger > -----Ursprüngliche Nachricht----- > Von: Stefan Eissing [mailto:stefan.eiss...@greenbytes.de] > Gesendet: Mittwoch, 11. April 2018 11:49 > An: dev@httpd.apache.org > Betreff: SNI normalization? > > Feedback desired: > > Checking my server logs, I regularly see clients using SNI with port > identifier, > as in: test.example.org:443 > > I am not sure what client that is, but we do not identify the vhost that > is > (probably) intended. Then the request comes in, and there we have magic > that > finds the correct r->server. Then we mod_ssl sees that sslconn->server > != r->server > and does some compatibility checks. If the base server and vhost have > incompatible > settings (e.g. other certs/ciphers etc.), the request fails. > > This seems to be wrong. Do we need the same normalization that we have > in Host: header > parsing in SNI? > > -Stefan
