[RndTbl] weird apache hit
athompso at athompso.net
Fri Feb 21 13:21:24 CST 2020
On 2020-02-21 12:42, Trevor Cordes wrote:
> On 2020-02-21 athompso at athompso.net wrote:
>> Pretty sure this wouldn't have happened with nginx :-D.
> Hahaha. Maybe!
>> Seriously, why not just make the TLS Virthost *:443 to both cover
>> this scenario _and_ enable SNI simultaneously? Is there any harm in
>> people using the other IP address? -Adam
> Well, we were and will in the future use the 2nd/3rd IP addresses in
> apache again. It's just at the moment we are not. If I fix it that
> way now, then I enable the 2nd IP again in the future, I'll still have
> the same bug problem on the 3rd IP.
> As for SNI... what is everyone's opinion of that? Is it "here" now in
> the sense that 99.999% of end-user browsers will support it? Put
> another way, does FB and google require SNI support to hit their sites?
> On our production server we don't want to lock out any user just
> because they don't happen to support SNI. (Yes, TLS limitations will
> probably bite people before SNI limitations...)
SNI went mainstream (i.e. >90% client support) several years ago, and
yeah, I guess we're probably at the >>99% mark by now? Literally XP SP3
w/IE7 is the last thing I know of that doesn't support SNI. Or Android
2.1, and I don't think any of those devices are still alive.
More information about the Roundtable