[
https://issues.jboss.org/browse/WFWIP-101?page=com.atlassian.jira.plugin....
]
Jan Stourac updated WFWIP-101:
------------------------------
Description:
Based on the [text from
analysis|https://github.com/wildfly/wildfly-proposals/blob/master/securit...]
{quote}
Wildcard names use * as a wildcard, and can only be used to match a single level of
subdomain in much the same way as with wildcard certificates.
{quote}
As such, in case I have configured SNI mapping for '.*\\.example\\.com', I expect
that this mapping is selected for any single level of subdomain of example.com, although
in case of any extra subdomain, this mapping is not utilized. In other words, the following
hostnames should match:
{code}
test.example.com
another-test.example.com
{code}
although the following should not be matched and the default server-ssl-context shall be used
instead:
{code}
two-sublevel.one-sublevel.example.com
{code}
Current behaviour also matches 'two-sublevel.one-sublevel.example.com'.
was:
Based on the [text from
analysis|https://github.com/wildfly/wildfly-proposals/blob/master/securit...]
{quote}
Wildcard names use * as a wildcard, and can only be used to match a single level of
subdomain in much the same way as with wildcard certificates.
{quote}
As such, in case I have configured SNI mapping for '
The client got peer certificate mapped by the mapping despite the wildcard matches more
than one level of a subdomain.
SNI wildcard mappings match multiple level of subdomain
-------------------------------------------------------
Key: WFWIP-101
URL: https://issues.jboss.org/browse/WFWIP-101
Project: WildFly WIP
Issue Type: Bug
Environment: Wildfly build with undertow and wildfly-core modules built from the
following sources:
* https://github.com/stuartwdouglas/undertow/tree/sni
* https://github.com/stuartwdouglas/wildfly-core/tree/sni
Reporter: Pavel Jelinek
Assignee: Stuart Douglas
Priority: Major
Labels: SNI
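The difference the report describes, as an added example that is not WildFly or Undertow code: with `matches()`, the reported pattern accepts the two-level name because `.` also matches dots, while a translation in which `*` becomes `[^.]+` accepts exactly one label. The class name, the `singleLabel` helper and the `*.example.com` input are assumptions made for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

public class SniWildcardCheck {
    // Pattern from the report after Java string unescaping: .*\.example\.com
    static final Pattern REPORTED = Pattern.compile(".*\\.example\\.com");

    // Hypothetical helper (not a WildFly API): turn a "*.example.com"-style
    // name into a regex in which "*" covers exactly one DNS label, i.e. one
    // or more characters that are not a dot, as with wildcard certificates.
    static Pattern singleLabel(String wildcardName) {
        String[] parts = wildcardName.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) {
                regex.append("[^.]+");
            }
            // Quote the literal text so the dots in the name stay literal.
            regex.append(Pattern.quote(parts[i]));
        }
        // Host names compare case-insensitively.
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE);
    }

    public static void main(String[] args) {
        Pattern strict = singleLabel("*.example.com");
        // Host names taken from the report.
        List<String> hosts = List.of(
                "test.example.com",
                "another-test.example.com",
                "two-sublevel.one-sublevel.example.com");
        System.out.printf("%-40s %-10s %s%n", "host", "reported", "single-label");
        for (String host : hosts) {
            // matches() requires the whole host name to match the pattern.
            System.out.printf("%-40s %-10b %b%n", host,
                    REPORTED.matcher(host).matches(),
                    strict.matcher(host).matches());
        }
    }
}
```

Run with `java SniWildcardCheck.java`: the first two hosts match under both patterns, and the two-level host matches only under the reported one.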