Server Name Indication

From Seo Wiki - Search Engine Optimization and Programming Languages

Jump to: navigation, search

Server Name Indication is a feature that improves the SSL and TLS protocol. It permits the client to request the domain name, before the certificate is committed to by the server. This is essential for using TLS in virtual hosting mode.


TLS background

One of the most common methods of encrypting a stream-oriented communication session is the Transport Layer Security (TLS) protocol. It is used, for example, when a user types "https" in a browser's URL field.

In order to confirm that the site to which the user wants to connect is actually the site to which the browser connected, TLS uses a digitally-signed certificate that includes the domain name of the site. Client-side software (browsers) generally accepts the certificate as "trusted" because it is signed by a certification authority listed in its internal "root list".

In the TLS startup phase, the client software compares the user-entered domain part of the URI with the domain name found in the server's certificate (CN or subjectAltName). Should the comparison fail, the browser will warn the user that there is something wrong with the certificate of the site.

The flaw

The design of SSL v2 follows classical public key infrastructure (PKI) expectations of one server, one service, and therefore, one certificate. This meant that the server could select and send the certificate in the early stages of the startup because it knew what domain it was serving.

With virtual hosting, a common feature of HTTP servers, each server provides many domains through the same address. The server examines each request to determine which domain is being served. This information is found for example in the HTTP request headers. Unfortunately, when setting up TLS encryption, the server has already selected and sent the certificate based on the destination IP address, and thus the domain being served, before it reads the domain name in the HTTP request.

Therefore, the simple approach to secure virtual hosting results in the wrong certificate (a default) being used, which causes the browser to warn the user.

Phishing connection

In practice, this means that each HTTP server can only serve one domain per IP address and port for secured browsing. As the de facto server situation is for many domains to be served by each webserver, the result is that the remaining web servers are effectively stopped from using secure communications, leaving much of the web unsecured. Additionally, lack of secure browsing also means that the browser is unable to authenticate the server, meaning it is unable to verify that the site really belongs to the person or entity it claims to belong to. This is an important factor in phishing schemes, which seek to obtain information from users by posing as another site. With an SSL or TLS secured connection, your browser can attempt to authenticate the site based on its certificate. The phisher's site will fail to authenticate as the site it is spoofing, and your browser can alert you to the security risk. Without secure HTTP, however, there is no standard way to authenticate the server, making such schemes much more feasible.

The fix

An extension to TLS called Server Name Indication (SNI) addresses this issue by sending the name of the virtual domain as part of the TLS negotiation.[1] This enables the server to "switch" to the correct virtual domain early and present the browser with the certificate containing the correct CN.


In 2005, it was realised that there was no easy upgrade path from SSL v2 to TLS, and the websites had to upgrade their software. To push them along, Mozilla signalled the complete dropping of support for SSL v2.[2] The Firefox community convinced the remaining 2000Template:Which? sites to upgrade their servers to SSL v3 or TLS v1.

Since 2005, CAcert has run experiments on different methods of using TLS on virtual servers.[3] Most of the experiments are unsatisfactory and impractical. For example, it is possible to use subjectAltName to contain multiple domains in a single certificate, but as this is one certificate, this means all the domains must be owned and controlled by one person, and the certificate has to be re-issued every time the list of domains changes.

In 2004, a patch for TLS/SNI into OpenSSL was created by the EdelKey project.[4] In 2006, this patch was then ported to the development branch of OpenSSL, and in 2007, it was backported to OpenSSL 0.9.8 which is the current release version.



Browsers with support for TLS server name indication:[5]



  • Mozilla NSS 3.11.1[13] client side only
  • OpenSSL
    • 0.9.8f (released 11 Oct 2007) - not compiled in by default, can be compiled in with config option '--enable-tlsext'.
    • 0.9.8j (released 07 Jan 2009) - now compiled in by default
    • Unreleased 0.9.9 is likely to include SNI compiled in by default.
  • GNU TLS[14]

Unsupported operating systems, browsers and libraries

The following combinations do not support SNI:



  • Microsoft Internet Information Server IIS (As of 2009).



  1. "TLS Server Name Indication". Paul’s Journal. 
  2. Markham, Gervase. "SSL2 must die: help wanted". 
  3. "CAcert VHostTaskForce". CAcert Wik. 
  4. "EdelKey Project". 
  5. Brand, Kaspar (2009-03-29). "TLS SNI Test Site". 
  6. "Bug 34607: Support for Server Name Indication". Apache Software Foundation. 
  7. "Revision 776281: adding support for Server Name Indication to the Apache 2.2.x branch". Apache Software Foundation. 
  8. "CHANGES: Server Name Indication support is listed under the changes for Apache 2.2.12". Apache Software Foundation. 
  9. Notaras, George (2007-08-10). "SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls". 
  10. #386 (TLS servername extension (SNI) for namebased TLS-vhosts) - lighttpd - Trac
  11. 1.4.24 - now with TLS SNI and money back guarantee
  12. acWEB home page
  13. NSS 3.11.1 Release Notes
  14. TLS Extensions
  15. Bug 174933: konqueror does not send correct SNI hostname to https server
  16. 188841 - It would be useful if QSslSocket supports TLS extensions such as Server Name Indication as per RFC 3546
  17. Qt Patch and merge request
  18. NSS Roadmap (as of 11 September 2009)
  19. Support TLS SNI extension in ssl module

External links

de:Server Name Indication

Personal tools

Served in 0.421 secs.