Server Name Indication

One of the most common methods of encrypting a stream-oriented communication session is the Transport Layer Security (TLS) protocol. It is used, for example, when somebody types "https" in their browser.

To guarantee that the site to which the user wanted to connect is actually the site to which the browser connected, TLS compares the user-entered host part of the URI with the common name (CN) from the server-provided certificate. Should the comparison fail, the browser will warn the user that there is something wrong with the certificate of the site.

Because this comparison is done in the early stages of the TLS negotiation, the client receives the server's CN before the information required to implement virtual hosting (such as the "host" header) is sent to the server. Therefore, it is impossible to implement secure virtual hosting without having the browser warn the user.

An extension to TLS called Server Name Indication (SNI) addresses this issue by sending the name of the virtual host as part of the TLS negotiation. This enables the server to "switch" to the correct virtual host early and present the browser with the certificate containing the correct CN.



Browsers with support for TLS server name indication:


Unsupported Operating Systems and Browsers

The following combinations do not support SNI.

