On Mon, Mar 3, 2025 at 10:20 PM Schuler, Laurence wrote:
>
> It appears that the HelloClient message has the target hostname within it, so
> mod_ssl should be able to say "ok, this hostname is *not* in my server
> cert(s), I'm not going to talk to this guy. reject.
Setting "SSLStrictSNIVHostChec
I have that line in my ssl.conf file. It was initially set to "off", but even
after I changed it to "on" I get the same results.
I actually don't think this is an apache issue exactly. I'm going to check with
the openssl group, I think that is where the refusal should
come into play.
Thanks,
--La
