httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: SNI Host: header mismatch
Date Wed, 10 Jun 2015 15:30:26 GMT
On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing
<> wrote:
> Today I had the second user which got "400 Bad Request" when using mod_h2 with a wildcard
certificate. So, I was thinking how to possibly fix the code in mod_ssl.
> The mostly harmless approach is the addition of a configuration directive that admins
may use to explicitly allow multiple host requests on a SNI connection. Which would mean that
both the config of the SNI host and the config of the request host have "SSLSNIVHostMatch
> The case where no Host header is provided or no SNI is used I propose to leave unaffected,
e.g. continue to fail.
> Any thoughts?

Maybe matching against the ServerName and ServerAlias(es) instead of
the Host header, so that the admin can still have a control on it...

View raw message