- From: Daniel Stenberg <daniel@haxx.se>
- Date: Thu, 17 Mar 2016 00:15:35 +0100 (CET)
- To: Mark Nottingham <mnot@mnot.net>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
On Thu, 17 Mar 2016, Mark Nottingham wrote: >> I suspect HTTPS servers will use the SNI field to serve contents > > They shouldn't be doing that (if indeed they do); SNI is only for selecting > the certificate, not anything to do with what happens inside HTTP. Right, I wrote that part too quick without thinking properly. Sorry. Thanks for clearing that up! I've since tested a bunch of random popular HTTPS sites by adding a dot to the host name in the Host: header (while keeping it out of the SNI field) and quite clearly there's a non-zero amount of servers that deliver completely different headers/contents than if the header is sent without the dot. -- / daniel.haxx.se
Received on Wednesday, 16 March 2016 23:16:03 UTC