|
I have that line in my ssl.conf file. It was initially set to "off", but even after I changed it to "on" I get the same results.
I actually don't think this is an apache issue exactly. I'm going to check with the openssl group, I think that is where the refusal should
come into play.
Thanks,
--Larry
From: Yann Ylavic <ylavic.dev@xxxxxxxxx>
Sent: Tuesday, March 4, 2025 3:27 AM To: users@xxxxxxxxxxxxxxxx <users@xxxxxxxxxxxxxxxx> Subject: [EXTERNAL] [BULK] Re: [users@httpd] apache/mod_ssl block IP connection attempt? CAUTION: This email originated from outside of NASA. Please take care when clicking links or opening attachments. Use the "Report Message" button to report suspicious messages to the NASA SOC.
On Mon, Mar 3, 2025 at 10:20 PM Schuler, Laurence wrote: > > It appears that the HelloClient message has the target hostname within it, so mod_ssl should be able to say "ok, this hostname is *not* in my server cert(s), I'm not going to talk to this guy. reject. Setting "SSLStrictSNIVHostCheck on" in global configuration would block connections to non-declared hosts (i.e. not configured in any ServerName/ServerAlias). (see https://gcc02.safelinks.protection.outlook.com/?url=""> Regards; Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx |
|