In a shared hosting environment, multiple users often need their own SSL certificates. However, this is a problem, because a dedicated IP address is required. IPv4 is officially exhausted, and dedicated IPs cost more money for both the customer and the host.
Furthermore, any request for new IP addresses must be justified to the regional internet registry (RIR). And soon SSL will no longer a good reason. It’s 2016. We have SNI now.
A dedicated IP is no longer needed to have a secure site.
Introducing SNI
Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) protocol. It’s the modern version of SSL.
Instead of security based on IP, SNI uses the virtual domain name. SNI dictates which hostname is being contacted on the server during the ‘handshake’. The server then selects the correct virtual domain.
For site visitors, nothing has changed. The browser still shows the certificate that verifies HTTPS security. In fact, for hosting users, nothing has changed either. SNI is treated like SSL in most modern panels like cPanel or Plesk.
Limitations of SNI
Not all web servers and client browser programs support SNI. Browsers that do not support SNI will look at the server (IP) default SSL, and likely fail, showing a certificate warning. Operating system can be another limitation – and a confusing one! For example, Windows XP with Internet Explorer does not support SNI, but XP with Firefox 2 or higher can.
However, anything not supporting SNI tends to be really old technology.
Minimum supported browsers (and OS combinations)
- Internet Explorer 7 (Windows Vista or newer)
- Mozilla Firefox 2
- Opera 8
- Google Chrome 1 (Windows Vista or newer)
- Safari 3 (Mac OS X 10.5.6 / Windows Vista or newer)
- MobileSafari (Apple iOS 4)
- Default Browser on Android HoneyComb
Minimum supported web servers
- Apache 2.2.12
- Microsoft IIS 8
- Nginx
- Radware
- Cherokee with TLS 6
- Hiawatha 8.6
- LiteSpeed 4.1
- HAProxy 1.5
- Ping Access 3
- Lighttpd 1.4 with patch
Conclusion
SNI is a great feature, and helps make efficient use IPv4. Hosting service provider can save IP inventory, and website owners save on the hosting bill. SNI is certainly a win-win situation.
As one of the first hosts to embrace SNI, EuroVPS has extensive knowledge in its setup. Let us secure your site today.