On Thu, Feb 20, 2014 at 7:47 AM, Pavel Matěja <pa...@netsafe.cz> wrote: > Dne St 19. února 2014 21:09:10, William A. Rowe Jr. napsal(a): >> I believe that Kaspar and Ruediger are still entirely at odds with my >> position, but this 'enhancement' should never have been unilaterally >> applied as it was to 2.2.26 and must be reverted (even as the feature >> is 'fixed' with corrections they have blessed), e.g. the comparison >> must be constrained to apply only to SSLStrictSNIVHostCheck enforcing >> hosts under 2.2 to not break existing configurations. >> >> It similarly aught to be constrained to SSLStrictSNIVHostCheck on the >> 2.4 branch, but I'm just not going to participate in that debate at >> all, which is why I say 'aught to'. Time for a few more committers to >> review the relevant specs and chime in with opinions on productive vs. >> disruptive rules that are out-of-spec. > > Last note: > when I go to the reverse proxy without hostname I can't get website at all. > wget --no-check-certificate https://a.b.c.d will always return HTTP Error 500: > AH01084: pass request body failed to.. > AH00898: Error during SSL Handshake with remote server returned by / > AH01097: pass request body failed to.. > > Any idea how to rework configuration without the downgrade to SSLv3?
Please post the full details in a bug report.
