Server Name Indication

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.^[1] The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546

^ Blake-Wilson, Simon; Nystrom, Magnus; Hopwood, David; Mikkelsen, Jan; Wright, Tim (June 2003). "Server Name ssl_ocsp_responderIndication". Transport Layer Security (TLS) Extensions. IETF. p. 8. sec. 3.1. doi:10.17487/RFC3546. ISSN 2070-1721. RFC 3546.

[rfc3546-1] Blake-Wilson, Simon; Nystrom, Magnus; Hopwood, David; Mikkelsen, Jan; Wright, Tim (June 2003). "Server Name ssl_ocsp_responderIndication". Transport Layer Security (TLS) Extensions. IETF. p. 8. sec. 3.1. doi:10.17487/RFC3546. ISSN 2070-1721. RFC 3546.

[1]

Server Name Indication

From Wikipedia, the free encyclopedia · View on Wikipedia