Is it good idea to set SSLStrictSNIVHostCheck on at the server level?

apache-2.2 ssl virtualhost

Is it a good idea to set Apache's SSLStrictSNIVHostCheck on at the server level? Is it a better idea to set it just for a virtual host?

What are the pros and cons of this setting?


Solution 1:

It depends on why you are running a secure server. if you are using SNIV to get multiple virtual hosts on a single IP address, each with a different cert, does it matter if someone with a browser that does not support SNIV can connect to the first site with the wrong name? If it does, then you should set it to on. If it doesn't, set it to off.

See http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslstrictsnivhostcheck

Related

How do I debug this Nginx to uWSGI timeout?
Using razor2 with spamassassin
Dovecot (with Postfix) configuration has connection refused when accessing auth-userdb
Set up trust between Azure AD and local AD
Trouble with Google Apps Custom Domain SSL
How does this 2048bit SSL requirement affect existing internal PKIs?
How to recover data from Apple raid 0 drives from dead xserve?
HP MSL2024 LTO6 2 Drive & HP ProLiant DL180 G6
How to enable hibernation on Windows Server 2012 with Hyper-V role? [duplicate]
Security implications of having less permission restrictions on a group than owner in Unix?
Podman fails to add container to a pod [firewalld, nftables]
Access denied error when running site with SSL