Last Modified: Nov 22, 2021
Opened: Mar 24, 2017
Severity: 2-Critical
Related Article:
K05411532
SNI hostname submitted to a virtual server on the client side is sent to server side, even if there is a different hostname specified in the server SSL profile.
SNI is sent from client to server without stripping or rewriting the SNI.
-- Client side ClientHello contains SNI.
None.
SNI hostname submitted to a virtual server on the client side is no longer sent to server side unless specifically requested (for example when forward proxy is enabled). When there is a different hostname specified in the server SSL profile the SNI is also rewritten to the specified hostname.