Server Name Indication


Server Name Indication (SNI) is an extension to the TLS protocol. With SNI, the client indicates which hostname it is trying to connect to at the start of the handshake. This lets the server select the right virtual domain and present the matching certificate, so it can hold multiple certificates on the same port and IP address and serve multiple secure (HTTPS) websites from one IP address. To use SNI, users need a web browser that supports it. Users whose web browser does not support SNI are presented with a default certificate. They may also receive warnings if the server does not present a certificate matching the name of the website.

In 2003, Server Name Indication was added to the IETF's Internet RFCs through RFC 3546, Transport Layer Security Extensions. The latest version of SNI is specified in RFC 6066.

Browsers that support TLS SNI are Internet Explorer 7 and above, Mozilla Firefox 2.0 or later, Opera 8.0 (2005) or later, Opera Mobile at least version 10.1 beta on Android, and Google Chrome. SNI is not supported on Windows XP and Internet Explorer 8.

Servers that support TLS SNI are Apache 2.2.12 or above using mod_gnutls or mod_ssl, Microsoft Internet Information Server (IIS) 8, Hiawatha (web server) 8.6 or above, Apache Traffic Server 3.2.0 or above, etc. IBM HTTP Server does not support it.

Libraries that support TLS SNI are Mozilla NSS 3.11.1, OpenSSL, GnuTLS, CyaSSL, etc.


1. Server Name Indication - Wikipedia, the free encyclopedia