Name

HTTH-932 — Skipping SNI inspection in unknown protocol

Severity

N (notify)

Message text

Skipping SNI inspection in unknown protocol, handshake type expected to be 0x01, got 0x%x

Description

The data looks like SSLv3/TLS handshake message, except that it is not a ClientHello, which is required by RFC 2246. This request is therefore considered to be unknown protocol so SNI inspection is skipped and server IP address is used in ACL matching instead of hostname from the SNI inspection. URI is also left unchanged.

See also

logging(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.