Why does Apache return a 400 "bad request" error when connecting to it with "openssl s_client" even though it sends TLS SNI

... "GET / HTTP/1.1\n" 400 3279 "-" "-"

The line ending in a HTTP request should be \r\n and not \n. Try the -crlf option of s_client to translate an Enter into \r\n instead of only \n.

Also the server might have some limit in which time the request should be fully sent and it might not be fast enough to just type everything. Try cut+paste a pre-created request from a text file instead.


You did actually send a malformed request. HTTP/1.1 requires the presence of the Host: header, and further with SNI, the content of the Host: header must match the SNI hostname.

Try again and this time provide the correct Host: header.