Questions tagged [sni]

Server Name Indication, essential TLS extension for virtual hosting

Server Name Indication is a TLS extension that benefits virtual hosting by permitting different domains hosted on a single IP address to each have a different certificate per hostname. It was first standardized in 2003 in RFC 3546. The most current version is documented in RFC 6066.

Even after ten years, support for this extension in tools and libraries can still be lacking, but it is becoming quasi-universal.

329 questions
4 votes, 1 answer

Maximum number of certs on SNI server?

We have dozens of thousands of domains which we host. We want to provide SSL/TLS for all of them, on a single I.P. Apparently, SNI allows us to do this. However, this suggests having literally dozens of thousands of certificates at our SSL…
lance.dolan
4 votes, 0 answers

How many server blocks can I add in Nginx Conf?

I found this question, How many server blocks can I add in Nginx Conf, but I don't think adjusting server_names_hash_bucket_size and server_names_hash_max_size is the answer. Because the explanation from Nginx is this: If a large number of server names…
Bruce Mu
4 votes, 0 answers

Can we use AFNetworking/NSURLSession to set SNI and support HTTP/2?

Background Introduction: In the front of the building support HTTPS proxy server, usually the certificate will have a headache problem. According to the working principle of HTTPS, the browser to access an HTTPS site, the first to establish the SSL…
Z.C
4 votes, 1 answer

How to specify server IP for a HTTP request instead of DNS

What I want: Specify server IP for NSMutableURLRequest to avoid localDNS query. Common method: Replace host field in URL and specify the HOST Header field for the HTTP request. request = [[NSMutableURLRequest alloc] initWithURL:[NSURL…
Ryan
4 votes, 3 answers

Testing if a URL requires SNI

I have a site which is served over HTTPS, but which iTunes can't find. My suspicion is that it's related to the iTunes backend server being Java 6, and Java 6 not supporting SNI. SSL Labs seems to hint that my site does require SNI (see this report,…
Dominic Rodger
4 votes, 1 answer

Supporting SNI in AFNetworking

I have a root certificate that is used to sign with different sub-domain names on the server, which is basically an implementation of SNI in the backend. Now how can I use that certificate and sub-domain name to validate the request?
Manish Agrawal
4 votes, 2 answers

nginx using wrong ssl certificate

I have nginx set to serve several sites using subdomains. I set the first one to use ssl as follows: ssl on; ssl_certificate /etc/nginx/certs/subdomain1.domain.crt; ssl_certificate_key /etc/nginx/certs/subdomain1.domain.key; This works…
nmpg
4 votes, 1 answer

Setting up TLS1.2 connection which supports SNI

We are trying to set up a TLS1.2 connection. Have downloaded the latest OpenSSL on the MacBook. Using this code to create the TLS1.2 connection. However this particular line is possibly causing the issue. It uses TLSv1. /*…
iammilind
4 votes, 2 answers

How to disable SSLv3 fallback with okhttp

My Android application relies on SNI to access the correct server, so it requires TLS and won't work with SSLv3. I'm using okhttp and retrofit and server logs indicate that suddenly TLS handshakes switch to SSLv3 and may stay this way for a log…
hdante
4 votes, 3 answers

TLS extension "Server Name Indication" (SNI): value not available on server side

Based on the JSSE examples, I'm trying to get the value of the TLS parameter "Server Name Indication" (SNI) on the server side - without success. I'm sure that the value is sent by the client since I used a network sniffer (Wireshark) that shows the…
J. Riesmeier
4 votes, 2 answers

Default certificate for SNI (Server Name Indication)

Short description For Windows Server 2012: Is there a way to define a default-certificate in case the client does not support SNI? Long description We are currently configuring a Windows Server 2012 that - for technical reasons - does only have a…
Andreas
4 votes, 4 answers

Does buildout/easy_install/setup_tools verify SSL certificates?

I'm trying to diagnose this error: Getting distribution for 'zc.buildout<2dev'. Got zc.buildout 1.7.1. Generated script '/opt/mytardis/releases/a549cd05272afe8f16c2fe5efe8158490acbde82/bin/buildout'. Download error on…
Steve Bennett
4 votes, 1 answer

How do I make apache SNI hosts without certificates redirect to http address?

I have an Apache server with multiple named hosts all working fine for port 80 http traffic. (A VPS with one unique IP address) I have one domain that has an SSL certificate and that domain is configured to handle both http and https traffic.…
3 votes, 1 answer

Does WCF support SNI (Server Name Indication)

I would like to consume a 3rd party WCF service using basic authentication, but I also need to use SNI. I've hacked together the following example (minus real endpoint stuff) to show what I've set up and the error I get. Any help much appreciated as…
iandayman
3 votes, 2 answers

Setup SNI/SSL in cPanel

I am looking to set up SNI under cPanel, and while I know it's not directly supported just yet: http://forums.cpanel.net/f145/case-46856-sni-server-name-indicator-ssl-support-cpanel-83661.html That doesn't mean it can't be done as far as I'm…
Kerry Jones