What is Server Name Indication (SNI) & How it Works?
by Compare Cheap SSL
SNI, or Server Name Indication, is an extension to the TLS (Transport Layer Security) protocol. In short, Server Name Indication lets the client indicate the host where it wants the encrypted session to terminate.
This allows a server to present multiple certificates on the same IP address and TCP port, and so lets several secure (HTTPS) websites be served from one IP address without requiring all of them to share the same certificate.
How does it work?
Working with TLS, suppose you have a single IP address with one virtual server on which you want to host multiple secure sites, and you need to direct a client to one of those sites with only that one virtual server in play.
How is that done? This is where SNI comes in. Every site has its own digital certificate. At the start of the handshake the client indicates the host it wants and asks the server for that host's digital certificate. The server sends the certificate and the client checks that the name on it matches the host it wants to connect to. If the name matches, the client proceeds and the connection is established. If there is a mismatch, the discrepancy is detected and the connection is aborted.
SNI is therefore a real boon: before it was introduced, every secure website required its own unique IP address, which was very costly and made deploying encryption rather tedious.
But there is a disadvantage too, as every good thing comes with a side effect. Dedicating an address to every site consumes far more IPv4 addresses, and an IPv4 address is a 32-bit number. Mathematically, n bits can address 2^n devices.
So 2^32 = 4,294,977,962, roughly 4.3 billion devices,
which is not sufficient given that there are trillions of connected devices in use globally.
We are trying to overcome that limit by shifting to the newer version of the protocol, IPv6, whose addresses are 128 bits long and can therefore address a vastly larger number of devices (2^128).
Created on Dec 22nd 2019 10:57.