Jacob Champion <jchampion(at)timescale(dot)com> writes:
> On Tue, Jun 21, 2022 at 3:07 PM Jacob Champion <jchampion(at)timescale(dot)com> wrote:
>> There is also a question of why LibreSSL doesn't do the same for the
>> IPv6 CIDR test. Should we proactively disable SNI for both of them?
> (Never mind; it's because we don't send SNI if there's a colon
> anywhere in the host string.)
So maybe the simplest fix is to do the same if there's a '/' anywhere?
More generally, should we limit the SNI host string to chars allowed in
DNS names?
regards, tom lane