On 17/10/2019 04:51, Anil Kumar P wrote: > Is the client sending hostname header with the correct host, if not by > default first vhost will be served.
Yes, that's why I set "SSLStrictSNIVHostCheck On" -> according to the documentation "If set to on in the default name-based virtual host, clients that are SNI unaware will not be allowed to access any virtual host". I set it in the default virtual host and in my "second.server" (that is supposed to be TLS 1.3 only) but it didn't change the behaviour (i.e. second.server still accepts TLS 1.2 requests...) Thanks, Marian --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
