Questions tagged [sni]

Server Name Indication, essential TLS extension for virtual hosting

Server Name Indication is a TLS extension that benefits virtual hosting by permitting different domains hosted on a single IP address to have a different certificate per hostname. It was first standardized in 2003 in RFC 3546. The most current version is documented in RFC 6066.

Even after ten years, support for this extension in tools and libraries can still be lacking, but it is becoming quasi-universal.

329 questions
11 votes, 2 answers

SNI Dynamic Certificate

I'm pulling my hair out here. Websites like wix.com, squarespace.com ...etc; can generate websites on the fly and still use SSL on every one of the millions of custom domains. I try to do the same thing, but I can't figure out how they do it!? The…
Fractal Mind
9 votes, 2 answers

ssl.get_server_certificate for sites with SNI (Server Name Indication)

I am trying to get the server certificate of badssl.com subdomains (ex. https://expired.badssl.com). import ssl ssl.get_server_certificate(('expired.badssl.com', 443)) But when examining the above generated certificate I see that the certificate…
vishal
9 votes, 3 answers

HowTo setup Tomcat serving two SSL Certificates using SNI?

According to these two answers [1] [2] it's possible to have two SSL certificates serving from the same Apache Tomcat using Server Name Indication (SNI). My question is then, how to setup this? I could setup two virtual hosts but I still have then…
nexus
8 votes, 1 answer

Detecting browser's SNI support

I would like to know if there is any way to find out if a browser making an HTTP request supports SNI, other than verifying the user agent and guessing. I would consider server or client side options. What I would like to do is set up SSL…
Gerry
8 votes, 1 answer

Does AWS NLB pass through SNI values when terminating TLS? (Routing via SNI)

AWS Network Load Balancers support TLS termination. This means a certificate can be created in AWS Certificate Manager and installed onto a NLB and then TCP connections using TLS encryption will be decrypted at the NLB and then either re-encrypted…
John
8 votes, 2 answers

Server Name Indication support in Net::HTTP?

I'm trying to get Ruby's Net::HTTP implementation to work with SNI. Both mail.google.com and gmail.com live on the same IP address, so when connecting via SSL, the Google server needs to know which certificate to use. By default, it returns the…
Bob Aman
8 votes, 1 answer

In Java 8 can HttpsURLConnection be made to send server name indication (SNI)

The Oracle documentation seems to indicate Java 8 sends SNI automatically and by default. Wireshark indicates otherwise. I'm a PowerShell sysadmin, not a Java developer, so it's near-certain I'm overlooking something. When used with the proper…
codepoke
8 votes, 2 answers

Apache CXF client error in testing server which needs Server Name Indication (SNI)

We had a client made with Apache CXF which was working OK, using a certain server (i.e.: https://serverexample.com/application/webservice?wsdl). But the server has moved to another IP, and now it has two SSL Certificates with TLS and SNI (Server Name…
Aitor
7 votes, 2 answers

Does Spring Boot support Server Name Indication (SNI)?

Does Spring Boot support Server Name Indication (SNI)? Specifically, is it possible for a Spring Boot (2.2.2.RELEASE) application running an embedded Tomcat server and packaged as an executable jar file to support multiple SSL certificates/domains…
Patrick Mercer
7 votes, 1 answer

SSL connection failing with no Certificate Request from the server, connecting to Nginx on AWS from a local Websphere AS running on Java 6

I'm having a hard time connecting to a service with client authentication. The service ("SecureService") is on AWS. The clients are on a Linux VM on my Mac. Nginx on SecureService enforces Client Authentication on the resource I'm accessing on port…
Marco
7 votes, 2 answers

Apache HTTPS reverse proxy with SNI without key on the proxy

example1.com and example2.com resolve to host0. host0 runs an Apache reverse proxy with two VirtualHosts. It delegates requests for example1.com to host1 and for example2.com to host2. Using http in all places, that clearly can be made to…
Johannes Ernst
7 votes, 4 answers

What is the most efficient code to detect and redirect SNI supported browsers?

Say, I have a website mywebsite.com, hosted using Apache Httpd. Now what I want is that whenever any user types mywebsite.com or www.mywebsite.com and if the browser supports SNI then it should redirect to https://www.mywebsite.com else redirect to…
user3243499
7 votes, 1 answer

Serving multiple domains in one box with SNI

I'm using OpenSSL 0.9.8q in FreeBSD-8.2. I have 3 virtual hosts on my system and want to implement SNI to serve for all 3 of them in one server. I have 3 separate certificates one for each, and in my ssl-server code I have to somehow find out what…
M.V.
7 votes, 2 answers

Server Name Indication from C#

As far as I can tell, there seems to be a big limitation in .NET in that there is no way using C# and .NET to make a TLS connection that uses Server Name Indication (SNI). Have I missed something or is my understanding correct? Does anybody know if…
woollybrain
6 votes, 1 answer

does ssh use sni headers and how SNI inject to ssh tunnel connection

There are a lot of tools that change the SNI in data packets. Does SSH use SNI, or how does software like HTTP Injector change the SNI and browse around the internet?
wisnshaftler