Closed Bug 1255854 Opened 8 years ago Closed 8 years ago

Firefox sends malformed SNI host names

Categories

(Core :: Security: PSM, defect)

38 Branch
defect
Not set
normal

Tracking


RESOLVED DUPLICATE of bug 1008120

People

(Reporter: bugzilla.mozilla.org.+, Unassigned)

Details

User Agent: W3C standards are important.  Stop **** obsessing over user-agent already.
Build ID: 20160214065925

Steps to reproduce:

I loaded <https://sni.velox.ch./> in Firefox.


Actual results:

Firefox sent an invalid SNI host name, causing the server to throw an error. Firefox's SNI host name included a trailing dot, which is disallowed by RFC 6066.


Expected results:

To quote a couple of specifications:
<https://tools.ietf.org/html/rfc6066#section-3> (SNI)
	"HostName" contains the fully qualified DNS hostname of the server,
	as understood by the client.  The hostname is represented as a byte
	string using ASCII encoding without a trailing dot.

<https://tools.ietf.org/html/rfc7230#section-5.4> (HTTP)
	A client MUST send a Host header field in all HTTP/1.1 request
	messages.  If the target URI includes an authority component, then a
	client MUST send a field-value for Host that is identical to that
	authority component, excluding any userinfo subcomponent and its "@"
	delimiter (Section 2.7.1).

That means that the SNI host name and HTTP Host header do not always match. The SNI host name must never have a trailing dot, but the HTTP Host header must reflect a host name that is identical to the host name of the URI, so if the URI's host has a trailing dot, the HTTP Host header must include that trailing dot.

For example, if the URI of a page is <https://sni.velox.ch./>, the following values should be sent by the Web browser:
SNI host: sni.velox.ch
HTTP host: sni.velox.ch.
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Component: Networking: HTTP → Security: PSM
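As an added example (not part of the bug report or Firefox's code), the derivation the reporter describes: the SNI host name (RFC 6066) and HTTP Host header (RFC 7230) a client should send for a URL, plus a check that flags a malformed SNI value such as the trailing-dot name from this report. Function names and the non-velox sample URLs are my own.

```python
"""Derive the names a client should send for a URL: SNI HostName per
RFC 6066 section 3 and the Host field-value per RFC 7230 section 5.4."""
import ipaddress
from typing import List, Optional
from urllib.parse import urlsplit


def sni_problems(name: str) -> List[str]:
    """Reasons why `name` is not a valid RFC 6066 HostName (empty list = OK)."""
    problems = []
    if not name:
        problems.append("empty host name")
        return problems
    if name.endswith("."):
        problems.append("trailing dot")          # the defect in this bug
    if not name.isascii():
        problems.append("non-ASCII (IDN must be sent as A-labels)")
    try:
        ipaddress.ip_address(name.strip("[]"))
        problems.append("IP literal (not permitted in SNI)")
    except ValueError:
        pass
    return problems


def sni_host_name(host: str) -> Optional[str]:
    """RFC 6066 HostName for a URL host: trailing dot removed; None when the
    client must not send SNI at all (IP literal) or the name is unusable."""
    name = host.rstrip(".")
    return name if not sni_problems(name) else None


def http_host_header(url: str) -> str:
    """RFC 7230 Host field-value: the URI authority without userinfo and "@".
    Case, port and any trailing dot are kept exactly as written in the URI."""
    authority = urlsplit(url).netloc
    return authority.rsplit("@", 1)[-1]


def client_names(url: str) -> dict:
    """What a conforming client sends for `url`: SNI host and Host header."""
    host = urlsplit(url).hostname or ""   # lowercased; trailing dot is kept
    return {"sni": sni_host_name(host), "host_header": http_host_header(url)}


if __name__ == "__main__":
    # Constructed inputs: the reporter's URL plus userinfo/port and IP-literal cases
    for u in ("https://sni.velox.ch./", "https://user:pw@Example.Org.:8443/x",
              "https://[2001:db8::1]/", "https://203.0.113.5./"):
        print(u, "->", client_names(u))
    print("firefox sent:", sni_problems("sni.velox.ch."))  # ['trailing dot']
```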
Thanks for filing the bug. Looks like this is already filed as Bug 1008120.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE