SSL Connection attempt refusal?


I have a web server [Apache 2.4.62 on a RedHat9 server] that receives an SSL request for the address https://1.2.3.4/ (with the real server IP). The server will reply by sending its certificate back, and then I assume the client compares the hostname on the cert and sees that it doesn't match what it sent in the SSL ClientHello message and so issues a warning to the user about an unsafe site.

Is there a way to just deny such HelloClient messages from mod_ssl, perhaps an option or other setting?

It appears that the HelloClient message has the target hostname within it, so mod_ssl should be able to say "ok, this hostname is not in my server cert(s), I'm not going to talk to this guy. reject."

Since this seems like something it should already do, I'm probably missing something, but I know this is happening with a few servers in my organization.

I could probably get around this by having the IP address put into the server certificate and then remapping a virtual host, but the issuer is frowning on that.

I looked at both the mod_ssl page and openssl, but didn't see any options that could help me.

How can I refuse the connection?

0 Answers
