What does Server Name Indication (SNI) mean? Print

  • SNI, SSL, Certificate, SSL Certificate
  • 48

Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS.

To make SNI useful, as with any protocol, the vast majority of visitors must use web browsers that implement it. Users whose browsers do not implement SNI are presented with a default certificate and hence are likely to receive certificate warnings.
Please refer the below table to see which browsers/platforms did or did not implement SNI support.

SNI Support
Software Type Supported Notes Supported Since
Internet Explorer Web browser Yes Since version 7 on Vista (not supported on XP) 2006
Mozilla Firefox Web browser Yes Since version 2.0 2006
cURL Command-line tool and library Yes Since version 7.18.1 2008
Safari Web browser Yes Not supported on XP  
Google Chrome Web browser Yes Since 6.0 2010
BlackBerry OS Web browser Yes 7.2 or later  
Windows Mobile Web browser Yes Some time after 6.5  
Android default browser Web browser Yes Honeycomb (3.x) for tablets and Ice Cream Sandwich (4.x) for phones 2011
wget Command-line tool Yes Since version 1.14 2012
Nokia Browser for Symbian Web browser No    
Opera Mobile for Symbian Web browser No Not supported on Series 60  
IBM HTTP Server Web server No    
Apache Tomcat Web server Yes Not supported in 8 or earlier  
Apache HTTP Server Web server Yes Since version 2.2.12 2009
Microsoft IIS Web server Yes Since version 8 2012
Qt Library Yes Since version 4.8 2011
Mozilla NSS server side Library No    
Java Library Yes Since version 1.7 2011
Go Library Yes Since version 1.4 2011
Perl Library Yes Since Net::SSLeay version 1.50 and IO::Socket::SSL version 1.56 2012
PHP Library Yes Since version 5.6.x 2014
Python Library Yes Supported in 2.x from 2.7.9rc1 and 3.x from 3.2alpha4
(in ssl, urllib and httplib modules)
2011 for Python 3.x and 2014 for Python 2.x

Was this answer helpful?

« Back