Do modern web browsers always send the web server's hostname in the SNI extension header?

Asked Mar 05 '15 at 09:42

Active Mar 05 '15 at 11:12

Viewed 286 times

When a web browser that supports Server Name Indication (SNI) connects to an HTTPS site, does it ALWAYS send the hostname in the SNI field?

That is, there is no way for a web browser to know if the HTTPS site it is connecting to is the only HTTPS site hosted on the hostname's IP, or if there is SNI-enabled HTTPS name-based virtual hosting happening on that IP, correct?

Web proxies should be able to examine the unencrypted SNI header and do website blocking based on the hostname instead of just blocking based on the IP address as they do now for HTTPS sites, right?

All major browsers except for IE6/7 on Windows XP appear to support SNI.

Thanks.

edited Mar 05 '15 at 11:12

asked Mar 05 '15 at 09:42

Phillip Stewart

https://tools.ietf.org/html/rfc3546#section-3.1 – BE77Y Mar 05 '15 at 11:21
1

"clients MAY include an extension of type "server_name" in the (extended) client hello." Yes, but DO all modern browsers add it to all HTTPS requests? – Phillip Stewart May 13 '15 at 16:33

Do modern web browsers always send the web server's hostname in the SNI extension header?

0 Answers0