Is it good idea to set SSLStrictSNIVHostCheck on at the server level?
Is it a good idea to set Apache's SSLStrictSNIVHostCheck on
at the server level? Is it a better idea to set it just for a virtual host?
What are the pros and cons of this setting?
Solution 1:
It depends on why you are running a secure server. if you are using SNIV to get multiple virtual hosts on a single IP address, each with a different cert, does it matter if someone with a browser that does not support SNIV can connect to the first site with the wrong name? If it does, then you should set it to on. If it doesn't, set it to off.
See http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslstrictsnivhostcheck