IP based virtual hosts are not working properly after upgrading Mozilla NSS

Question

We are using NSS as SSL engine in Apache server. Recently we applied latest SUSE Linux Enterprise server patches on Apache server which is hosting two IP based virtual hosts. After upgrade the first virtual host is working fine but the second one is not working.

Error log shows "Hostname vhost1.xxyyzz.com provided via SNI and hostname vhost2.xxyyzz.com provided via HTTP are different" when accessing vhost2.xxyyzz.com.

If we switch back to use mod_ssl the issue was gone. Obviously the issue is related to the following patches. Any help would be appreciated.

mozilla-nss 3.16.4-0.8.1 mozilla-nss-tools 3.16.4-0.8.1 apache2-mod_nss 1.0.8-0.4.9.1

score 0 · Answer 1 · answered Oct 25 '14 at 02:55

Check your /etc/hosts file to see if you might be assigning the domain name to a local internal IP address or interface. This caused the same error message for me and many 400 errors. After changing /etc/hosts don't forget to restart the name service cache daemon ( service nscd restart ).

Dan Miller · Answer 2 · 2015-04-28T21:05:31.033

0

SNI isn't technically fully supported in that version of mod_nss but it has since been added: https://www.suse.com/support/update/announcement/2015/suse-ru-20150591-1.html

Saw the same error and saw it go away after applying the referenced patch.

edited Apr 28 '15 at 21:05

answered Apr 28 '15 at 21:00

Dan Miller

1
1

IP based virtual hosts are not working properly after upgrading Mozilla NSS

2 Answers2