Feedback desired: Checking my server logs, I regularly see clients using SNI with port identifier, as in: test.example.org:443
I am not sure what client that is, but we do not identify the vhost that is (probably) intended. Then the request comes in, and there we have magic that finds the correct r->server. Then we mod_ssl sees that sslconn->server != r->server and does some compatibility checks. If the base server and vhost have incompatible settings (e.g. other certs/ciphers etc.), the request fails. This seems to be wrong. Do we need the same normalization that we have in Host: header parsing in SNI? -Stefan
