On Mon, Mar 3, 2025 at 10:20 PM Schuler, Laurence wrote: > > It appears that the HelloClient message has the target hostname within it, so > mod_ssl should be able to say "ok, this hostname is *not* in my server > cert(s), I'm not going to talk to this guy. reject.
Setting "SSLStrictSNIVHostCheck on" in global configuration would block connections to non-declared hosts (i.e. not configured in any ServerName/ServerAlias). (see https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslstrictsnivhostcheck) Regards; Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
