id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1252	Multiplexing different hosts into one HTTP/2 connection leads to 421	Oleg Davydov		"Quote from https://tools.ietf.org/html/rfc7540:

{{{
An origin server might offer a certificate with multiple
""subjectAltName"" attributes or names with wildcards, one of which is
valid for the authority in the URI.  For example, a certificate with
a ""subjectAltName"" of ""*.example.com"" might permit the use of the
same connection for requests to URIs starting with
""https://a.example.com/"" and ""https://b.example.com/""
}}}

That means that clients (for example, google chrome) reuse connections aggressively:
— make a TLS connection to a.example.com
— receive certificate to *.example.com
— next query, to b.example.com, send to this connection, because a.example.com and b.example.com have the save ip and both are covered with certificate.

Nginx will reject second query with 421 Misdirected Request, logging «client attempted to request the server name different from that one was negotiated while reading client request headers», that is misbehavior with RFC7540 (HTTP/2)."	defect	closed	minor		other	1.11.x	invalid			Linux server 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64 GNU/Linux	"nginx version: nginx/1.11.6
built by gcc 4.9.2 (Debian 4.9.2-10) 
built with OpenSSL 1.0.2j 26 Sep 2016
TLS SNI support enabled
configure arguments: —with-http_ssl_module —user=www-data —group=www-data —with-cc-opt=-O4 —with-http_gzip_static_module —with-http_flv_module —with-http_mp4_module —with-file-aio —prefix=/etc/nginx —sbin-path=/usr/sbin/nginx —conf-path=/etc/nginx/nginx.conf —error-log-path=/var/log/nginx/error.log —http-log-path=/var/log/nginx/access.log —pid-path=/var/run/nginx.pid —http-client-body-temp-path=/tmp/nginx.client_body_temp —http-proxy-temp-path=/tmp/nginx.proxy_temp —with-zlib-asm=pentiumpro —http-fastcgi-temp-path=/tmp/nginx.fastcgi_temp —add-module=/root/ngx_http_bytes_filter_module —with-ld-opt=-static —with-cc-opt='-static -static-libgcc' —with-http_secure_link_module —with-http_addition_module —with-http_realip_module  —with-threads —with-debug —with-http_sub_module —add-module=../nginx-rtmp-module —with-stream —with-stream —with-http_v2_module —add-module=../ngx_http_enhanced_memcached_module —with-http_slice_module"