httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 58007] 400 Bad Request with fully qualified domain name over HTTPS
Date Mon, 08 Jun 2015 12:30:39 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=58007

--- Comment #9 from Stefan Eissing <stefan@eissing.org> ---
It cannot be considered a bug when SNI and Host header differ. You cannot
expect all requests on the same connection to have the same Host header either.

Browsers will reuse TLS connections, if hostnames resolve to the same IP
address and wildcard certs or matching alternate names in the certificate to
match.

It is really a client decision to reuse an existing connection for other
hostnames.

And if the server wants the client to use another connection for such a
request, 421 is the proper status code. See
http://httpwg.github.io/specs/rfc7540.html#HttpExtra Section 9.1.2
Additionally, the Alt-Svc http extensions
https://httpwg.github.io/http-extensions/alt-svc.html#alt-svc explicitly
encourages clients to use a connection for "foreign" URLs.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message