What is SNI and when do I need it?

SNI stands for Server Name Indication. SNI is an extension to the SSL/TLS protocol that was developed as a solution to the problem of the diminishing supply of IPv4 addresses. Because the client includes the hostname it wishes to connect to in the handshake, the server can select the matching certificate. This lets a server host multiple HTTPS-protected websites, each with its own SSL certificate, on the same IP address and TCP port number.

To use SNI, the SSL/TLS library in use must support it. SNI has been supported by the OpenSSL library since 2004, but because the SSL/TLS library can be provided at either the browser level or the OS level, some browsers have decided not to support SNI on every OS. This mostly affects older software.

The following browsers or browser/OS combinations do not support SNI:

  • Internet Explorer (all versions) on Windows XP
  • Safari on Windows XP
  • BlackBerry Browser
  • Windows Mobile versions 6.5 and older
  • Android Browser on Android 2.X

The IBM HTTP server also does not offer support for SNI.