Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/06/21 15:50:01 UTC
[Bug 50227] Option to fail SSL handshake for diverted SNI connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=50227
--- Comment #1 from felipe@felipegasper.com ---
SNI is ubiquitous among HTTP clients nowadays.
IMO the default behavior should be analogous to:
------------
if ($sni = sni_request()) {
    $vhost = get_vhost_for_sni($sni);
    if (!$vhost) {
        throw 'unrecognized_name';
    }
}
else if (require_client_sni()) {
    throw $some_other_error;
}
else {
    $vhost = get_first_vhost_on_ip($ip);
}
------------
If the request is invalid at the TLS level, it makes sense to fail that request
without passing it down to HTTP.
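The policy proposed in the comment above, written against Python's `ssl` module as an added example; it is not httpd code and not part of the original post. The function names, the hostname table and the choice of `handshake_failure` for the "some other error" case are assumptions made for illustration.

```python
import ssl


def make_sni_policy(vhost_contexts, default_context=None, require_sni=False,
                    missing_sni_alert=ssl.ALERT_DESCRIPTION_HANDSHAKE_FAILURE):
    """Return an sni_callback that rejects unknown names at the TLS layer.

    vhost_contexts maps hostname -> ssl.SSLContext (one per virtual host).
    default_context plays the role of "first vhost on this IP".
    """
    # DNS names compare case-insensitively; normalise the table once.
    table = {name.lower().rstrip("."): ctx
             for name, ctx in vhost_contexts.items()}

    def sni_callback(ssl_socket, server_name, initial_context):
        if server_name is None:
            # Client sent no SNI extension at all.
            if require_sni:
                return missing_sni_alert      # abort the handshake
            if default_context is not None:
                ssl_socket.context = default_context
            return None                       # continue the handshake
        ctx = table.get(server_name.lower().rstrip("."))
        if ctx is None:
            # Name matches no vhost: fail here instead of diverting the
            # connection to a default vhost and sorting it out in HTTP.
            return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
        ssl_socket.context = ctx              # serve this vhost's certificate
        return None

    return sni_callback


def build_listener_context(vhost_contexts, default_context=None,
                           require_sni=False):
    """Listener context whose handshakes are gated by the policy above."""
    listener = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    listener.sni_callback = make_sni_policy(
        vhost_contexts, default_context=default_context,
        require_sni=require_sni)
    return listener
```

Returning an `ssl.ALERT_DESCRIPTION_*` value from the callback makes the server send that fatal alert, so a rejected client never reaches the HTTP layer.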