Server Name Indication (SNI)

About

Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.

It is the TLS equivalent of the HTTP Host header and is used with virtual hosting to select which server certificate to serve.

SNI is increasingly a requirement (all of Cloudflare FreeSSL works only with SNI) because it's part of the ACME challenge.

Example

With OpenSSL

openssl s_client \
  -connect www.gerardnico.com:443 \
  -servername gerardnico.com # SNI setting

Support

Library

SNI is supported by all modern browsers. Outside of browsers, it is not supported by older versions of:

  • Java (up to JDK6),
  • Python (up to 2.7.9),
  • some commonly used libraries on Android, etc.

Proxy

Nginx supports it. The name is saved in the variable $ssl_server_name.
