Matt & Łukasz, > Am 07.02.2022 um 19:23 schrieb Łukasz Moskała <[email protected]>: > > Actually the request is: > > GET / HTTP/1.1 > Host: example.com > > Host header is REQUIRED by HTTP/1.1 specification: > https://datatracker.ietf.org/doc/html/rfc2616#section-14.23 > > HTTPS also sends host header, but SNI is still used to choose correct > certificate.
> Am 07.02.2022 um 18:15 schrieb Matthew Ernisse <[email protected]>: > > On Mon, Feb 07, 2022 at 05:23:03PM +0100, Mike Fischer said: >> >> Not quite true. I do use DNS and for practical applications I also >> use HTTPS and SNI. But DNS is secondary and sometimes adds another >> layer of complexity. Also SNI is not available for services not >> secured by SSL/TLS to my knowledge. E.g. in my example for a web >> server on port 80 the hostname comes into play only to resolve the >> IP. The actual request would be "GET / HTTP/1.1" — no hostname in >> sight. > > FWIW, the assertion about HTTP is incorrect here. HTTP 1.1 defines the Host > header which is mandatory in requests which and has been used for decades to > provide name based virtual hosting sharing an IP address. > > https://datatracker.ietf.org/doc/html/rfc2616/#section-14.23 > > In practice DNS isn't even needed, an entry in your client's hosts(5) file > has been sufficient. > > —Matt You are both correct! I hadn’t realized the header was mandatory for HTTP/1.1. Thanks for pointing that out. (I wonder if curl(8) adds that header automatically? Though that is off topic for this thread…) Mike
