Epiphany sends malformed SNI host names
Submitted by Alex Yst
To quote a couple of specifications:

https://tools.ietf.org/html/rfc6066#section-3 (SNI)
"HostName" contains the fully qualified DNS hostname of the server, as understood by the client. The hostname is represented as a byte string using ASCII encoding without a trailing dot.

https://tools.ietf.org/html/rfc7230#section-5.4 (HTTP)
A client MUST send a Host header field in all HTTP/1.1 request messages. If the target URI includes an authority component, then a client MUST send a field-value for Host that is identical to that authority component, excluding any userinfo subcomponent and its "@" delimiter (Section 2.7.1).
That means that the SNI host name and HTTP Host header do not always match. The SNI host name must never have a trailing dot, but the HTTP Host header must reflect a host name that is identical to the host name of the URI, so if the URI's host has a trailing dot, the HTTP Host header must include that trailing dot.
For example, if the URI of a page is https://sni.velox.ch./, the following values should be sent by the Web browser:

SNI host: sni.velox.ch
HTTP host: sni.velox.ch.
However, Epiphany sends "sni.velox.ch." as the SNI host name, causing the server to throw an error.
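
The rule described in this report, as an added example that is not part of the original report and is not Epiphany's code: it derives both values from a URI and checks the SNI name a client actually sent. The function names are hypothetical, the URIs other than https://sni.velox.ch./ are constructed, and the example goes slightly beyond the report by also covering ports, userinfo and IP literals.

```python
import ipaddress
from urllib.parse import urlsplit


def names_for_uri(uri):
    """Return (sni_name, host_header) for an https URI.

    sni_name is None when the host is an IP literal, because RFC 6066
    does not permit literal addresses in HostName.
    """
    parts = urlsplit(uri)
    host = parts.hostname  # urlsplit lowercases this; DNS names are case-insensitive
    if not host:
        raise ValueError("URI has no host: %r" % uri)

    # HTTP Host (RFC 7230 section 5.4): the authority component minus
    # userinfo and "@", otherwise unchanged, so a trailing dot and any
    # explicit port are kept.
    host_header = parts.netloc.rpartition("@")[2]

    # SNI (RFC 6066 section 3): same host, ASCII, without a trailing dot.
    bare = host[:-1] if host.endswith(".") else host
    if not bare or not bare.isascii():
        raise ValueError("host is empty or not ASCII: %r" % host)
    try:
        ipaddress.ip_address(bare)
    except ValueError:
        return bare, host_header  # a DNS name: send it as SNI
    return None, host_header      # an IP literal: send no SNI


def sni_matches_uri(sni_sent, uri):
    """True if the SNI name a client sent is the one expected for uri."""
    expected, _ = names_for_uri(uri)
    return sni_sent == expected


if __name__ == "__main__":
    uri = "https://sni.velox.ch./"
    print(names_for_uri(uri))
    # The value this report says Epiphany sends, then the expected one.
    print(sni_matches_uri("sni.velox.ch.", uri))
    print(sni_matches_uri("sni.velox.ch", uri))
```

The first element of the returned pair is the value a Python client would pass as `server_hostname` when wrapping the socket; the second goes into the Host header unchanged.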