Just a quick question, if we can reach consensus here:
mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when strict_sni_vhost_check is enabled and a request comes in without SNI.
Question: is a downgrade from ERR to INFO/DEBUG backportable or do we consider this a break of compatibility?
Rationale: This is annoying me in my logs where I scan for errors daily. While I can filter this out, I'd rather have the server behave better by default. The requests at my server are done by scanners, who monitor responses on port 443. Nothing I can do about and they will not go away.