Server Name Indication (SNI)

Server Name Indication (SNI)
- About
- Example
- Support
  - Library
  - Proxy

About

Server_Name_Indication ¹⁾ is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.

It's the TLS’s equivalent of the HTTP Host header and is used in case of virtual host to select the server certificate to serve.

SNI is more and more a requirement (all of Cloudflare FreeSSL works only with SNI) because it's part the ACME challenge

Example

with Openssl

openssl s_client \
  -connect www.gerardnico.com:443 
  -servername gerardnico.com # sni settings

Support

Library

SNI is supported by all modern browsers, but outside of this it is not supported with older versions of:

Java (up to JDK6),
python (up to 2.7.9),
with some commonly used libraries on Android etc.

Proxy

Nginx supports it ²⁾. The name is saved in the variable $ssl_server_name

³⁾

¹⁾

RFC6066, Server_Name_Indication

²⁾

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_server_name

³⁾

https://stackoverflow.com/questions/30691476/openssl-error-alert-handshake-failure

Recommended Pages

Automatic Certificate Management Environment (ACME)

ACME is a protocol that a certification authority (CA) and an applicant can use to automate the process of verification and issuance of domain validated certificate ACME is simple (It has almost been "...

Identification Material - Certificate (or Public Key Certificate)

A certificate is a document which permits to define with certainty the owner of the private key (ensures that the party you are communicating with is whom you think.) because it's digitally signed A c "...

Network Cryptographic (SSL/TLS)

in Cryptography. The cryptographic protocols are used to encrypt the data stream between a server (for instance a web server) and a client (for instance, a browser). There is basically one (SSL, TLS) "...

Openssl

(libcrypto) openssl is a command line client tool that permits to test, manage and see what happens in a TLS world (ie new name for SSL) Typical use case See Obtain a valid Certificate for a Secured "...

What is and how works a virtual host / custom domain / vanity hostnames

This article gives you an overview on how and where virtual hosting / custom domain is implemented.

Share this page:

Server Name Indication (SNI)

Table of Contents

About

Example

Support

Library

Proxy

Recommended Pages

Automatic Certificate Management Environment (ACME)

Identification Material - Certificate (or Public Key Certificate)

Network Cryptographic (SSL/TLS)

Openssl

What is and how works a virtual host / custom domain / vanity hostnames