AnsweredAssumed Answered

erroneous SNI scan causes mis-detection and AH02032 Apache 2.4.6 error

Question asked by rhardy on Aug 27, 2013
Latest reply on Sep 2, 2013 by Ivan Ristić

Anyone know whywhy the SSL Labs scanner seems to be using ficticious hostnames to determine SNI support?

 

I have an Apache 2.4.6 server configured with a single hostname with a valid single 443 virtual host in which www2.mydomain.com is set as the server name. www.mydomain.com is a different server.

 

I asked the scanner to scan www2.mydomain.com.

 

When SSL Labs scans the host it incorrectly uses www.www2.mydomain.com (which doesn't exist and is not referenced anywhere) which triggers the Apache error below and then wrongly assumes SNI is not enabled/available.

 

[Tue Aug 27 11:00:38.570010 2013] [ssl:error] [pid 22179] AH02032: Hostname www.www2.mydomain.com provided via SNI and hostname www2.mydomain.com provided via HTTP are different

 

Domain obfoscated for security reasons. Link to actually host report report available by private email on request.

Outcomes