What is SNI and when do I need it?
SNI stands for Server Name Indication. SNI is an extension to the SSL/TLS protocol that was developed as a solution to the problem of the diminishing supply of IPv4 addresses. Because the client includes the hostname with which it wishes to set up a connection during the handshake process, a server can host multiple HTTPS-protected websites, each with its own SSL certificate, on the same IP address and TCP port number.
In order to use SNI, the SSL/TLS library must support it. SNI has been supported by the OpenSSL library since 2004, but since the library can be used at both the browser and the OS level, some browsers have decided not to support SNI on every OS. This is mostly older software.
The following browsers or browser/OS combinations do not support SNI:
- Internet Explorer (all versions) on Windows XP
- Safari on Windows XP
- BlackBerry Browser
- Windows Mobile versions 6.5 and older
- Android Browser on Android 2.X
The IBM HTTP server also does not offer support for SNI.