HTTPS with SNI may not work very well for your website

Most websites use the HTTPS protocol and deliver it through SNI (Server Name Indication). With SNI, a server can present several security certificates on the same IP address. So far, this is an advantage!

 

Why HTTPS with SNI can cause problems

 

The problem is not in SNI or in the HTTPS protocol. The problem is that SNI is not supported by all clients (language libraries) and browsers. So when accessing an HTTPS site on a server that relies on SNI, problems may occur and the website may fail to open. In short, not every client will open a website that delivers SSL based on SNI.

 

Any SSL certificate deployment should be studied to confirm that the site opens correctly in all browsers, on desktop and mobile devices.

 

The main browser that does not support SNI is Internet Explorer running on Windows XP (believe me, some people still use it). Other browsers may show that block page with the warning message (the one with the little guard icon).

 

 

But that does not always happen. To make a connection, the TLS client requests a digital certificate from the web server. Once the server sends the certificate, the client compares the name it was trying to reach with the names in the certificate, and the connection continues as usual if a match occurs. Otherwise, the user can be informed of the discrepancy and the connection can be aborted, as the mismatch may indicate an attempted man-in-the-middle attack.

 

 

List of HTTPS sites with SNI worldwide

 

In practice, does this mean that an HTTPS server can only serve one domain (or a small group of domains) per IP address for secure browsing? The type of SSL certificate offered by the Let’s Encrypt initiative solves this problem well, and it is worth a look.

 

Solution

 

Assigning a separate IP address to each site increases the cost of hosting. After all, each IP address request must be justified, and IPv4 addresses are exhausted. As a result, many sites are effectively prevented from using secure communications over IPv4. IPv6, on the other hand, has an address space that is not exhausted, so sites using IPv6 are not affected by this problem.

 
