Questions tagged [sni]

Server Name Indication (SNI) is an extension of Transport Layer Security which allows multiple secure web sites, with separate certificates, to be hosted at the same IP address.

Server Name Indication addresses a common issue where websites with an SSL certificate had to live on separate IPs. This exacerbated the IPv4 shortage and defeated the purpose of virtual hosting, where multiple non-secured sites could share the same IP (note that websites sharing a common certificate can always share an IP).

SNI is based on IETF RFC 4366, which, as part of Transport Layer Security (TLS), allowed the hostname to be sent in the initial stages of the TLS handshake. This allowed websites with different certificates to be hosted on the same IP.

SNI is supported by all major browsers and all major web servers. It requires OpenSSL 0.9.8f or later.

Browser Support

  • Mozilla Firefox 2.0 or later
  • Opera 8.0 or later (with TLS 1.1 enabled)
  • Internet Explorer 7.0 or later (on Vista, not XP)
  • Google Chrome
  • Safari 3.2.1 on Mac OS X 10.5.6

Server Support

  • Apache v2.2.12 or later
  • Nginx 0.5.32 or later
  • IIS 8.0 or later
191 questions
0 votes, 1 answer

How to force a specific routing based on SNI in HAProxy?

I have the following HAProxy configuration: listen sni-443 bind *:443 mode tcp timeout connect 4s timeout client 3m timeout server 3m tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1…
Torsten Bronger
0 votes, 0 answers

Disable SNI on Apache

I have a Windows Server 2016 installed with Apache 2.4.37. In the Apache server, I've set up multiple virtual hosts like: abc.host.com def.host.com ghi.host.com All these virtual hosts share the same IP address and certificate in wildcard…
ruby.lee
0 votes, 1 answer

select an haproxy tcp back end depending on source ip

I have basic haproxy knowledge and know how to handle the selection of tcp backends depending on the SNI server name. The relevant lines are acl is_myhost req.ssl_sni -i my.host.com acl is_otherhost req.ssl_sni -i other.host.com …
gelonida
0 votes, 1 answer

nginx behind haproxy - pages randomly loading regardless of submitted domain

I currently have one web server (10.0.0.77) running nginx with multiple vhosts (couple of wordpress sites and nextcloud installation) all running on 1 IP address and everything is secured with a wildcard cert. That is working fine - both internally…
Paul
0 votes, 1 answer

Postfix SSL USING SNI

I want to assign multiple SSL certs to multiple domains. I have managed to do so by creating a single wildcard SSL cert (e.g. mail.example.com, mail.example2.com, etc.), but I want each domain to have its own SSL cert. Like so: smtpd_tls_cert_file…
Bc96
0 votes, 1 answer

SNI in pure-ftpd

I'm looking for SNI support in pure-ftpd. I found some documentation here: https://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS Please read section CUSTOM CERTIFICATE HANDLERS in the above link. It specifies the use of service pure-certd. But…
-1 votes, 2 answers

How To Restrict SSL for one domain in VHOST Apache2

I have configured Vhost on apache2. It is a name based configuration. First domain is ssl-secure and second one is non ssl-secure site. All are working fine if hit in browser address bar https://www.domain1.com/page1/ and http://domain2.com/page2/ .…
-1 votes, 1 answer

TLS SNI alternative in apache

Is it possible to serve different public certificates based on the port the client is connecting? I am aware that using SNI (in conjunction with NameVirtualHost) server will respond with appropriate certificate. I would like to be able aside from…
igobivo
-1 votes, 1 answer

Is it possible to log the IP address for SNI in apache logs on errors?

Is it possible to log the IP address associated with SNI in the apache logs? I realize that this is SSL when it connects, so if it's not now, I'm wondering if apache would add it so at least we could get the IP address when I see the following in my…
Tim
-1 votes, 1 answer

What is SNI (with specific reference to Plivo)

Plivo have announced that they are depreciating their Legacy Messaging API for SNI. I've been unable to find any documentation on the topic (ideally with code samples) on their portal. I've not been able to figure out how to configure my end point…
chribonn
-3 votes, 1 answer

How do I send different SSLCertificateFile based on SSL_TLS_SNI environment variable?

Idea is to run a wildcard cert off an internal CA for *.domain.com, while public-facing domain.com site is validated by a world recognized CA. Application serving requests is the same though, so I'd think keeping a single VirtualHost configuration…
lkraav