SNI (Server Name Indication) method
SNI (Server Name Indication) is a method that allows multiple domains and TLS certificates to be used on a single web server and IP address. Thanks to SNI, when a client connects, the server can identify which of the virtual servers the client wants to see and sends the correct TLS certificate for the correct domain. Without SNI support, he would send any certificate to the client because he wouldn't know which domain he wanted to see.
SNI Advantages and disadvantages
Thanks to SNI support on the server, you do not have to assign each domain with a TLS certificate (virtual server) a separate IP address, as it was before. The server agrees with the client's browser and sends it the correct TLS certificate.
The disadvantage is incompatibility with older systems and browsers, such as Windows XP. A complete overview of frequently used software compatibility is provided below.
SNI software support
Browsers
Browsers supporting TLS server name indication
- Mozilla Firefox 2.0 and later
- Opera 8.0 or later (TLS must be enabled)
- Internet Explorer 7 (Vista, not XP) or later
- Google Chrome (Vista and above, XP since version 6)
- Safari 3.2.1 Mac OS X 10.5.6 and later
Mobile Browsers
- Android - default Honeycomb browser (v3.x +)
- Opera Mobile since version 10.1 beta
- Windows Phone 7
- MobileSafari on Apple iOS 4.0 and later
Servers supporting SNI
- Microsoft Internet Information Server IIS 8
- Apache 2.2.12 or later with mod_gnutls or mod_ssl support
- Cherokee if compiled with TLS support
- New versions of lighttpd 1.4.x and 1.5.x
- Nginx with built-in OpenSSL with SNI support
Unsupported operating systems and browsers without SNI support
Operating systems and browsers
- Windows XP and all versions of Internet Explorer on this system
- Internet Explorer 6 and below
- Safari on Windows XP
- Konqueror / KDE less than 4.7
- Microsoft Internet Information Server IIS up to and including version 7
- Android browser 2.x
- Windows Mobile to 6.5
Source: article about SNI at Wikipedia.com
We are sorry that you did not find the required information here.
Please help us to improve this article. Write us what you have expected and not found out.