DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Generative AI has transformed nearly every industry. How can you leverage GenAI to improve your productivity and efficiency?

SBOMs are essential to circumventing software supply chain attacks, and they provide visibility into various software components.

Related

  • Java Enterprise Matters: Why It All Comes Back to Jakarta EE
  • What They Don’t Teach You About Starting Your First IT Job
  • MySQL Formatter: How to Make Beautiful Code and Why You Need It
  • The Rise of Shadow AI: When Innovation Outpaces Governance

Trending

  • Terraform vs Pulumi vs SST: A Tradeoffs Analysis
  • Fraud Detection in Mobility Services With Apache Kafka and Flink
  • Testing Java Applications With WireMock and Spring Boot
  • Cloud Hardware Diagnostics for AI Workloads

What Is SNI and How Does It Work?

Let's attempt to untangle the technology that is Server Name Indication (SNI).

By 
Jake Adley user avatar
Jake Adley
·
Dec. 12, 18 · Analysis
Likes (3)
Comment
Save
Tweet
Share
54.3K Views

Join the DZone community and get the full member experience.

Join For Free

Want to know what is SNI and how it works? Well, you've come to the right place (not sure about the right time though). Quite often, this great technology goes under the radar, and that’s somewhat understandable. So, here we are doing what we always do – unscrambling the “technical” stuff.

Let’s get under the hood of the technology that is Server Name Indication.

HTTPS and IP Addresses: a Match NOT Made in Heaven

Let’s say you have five HTTP websites and you want to run them on a single IP address. What do you do? You use name-based hosts, that’s what. So, when a user requests a particular site out of five, it uses a unique HTTP header that includes hostname. In response, your server matches this header and paves the way to the requested website.

http client server interaction

However, this won’t work in the case of HTTPS. That’s because the HTTPS protocol uses an SSL/TLS handshake to enforce secure communications between the client (browser) and server. The HTTP header will only be sent once the handshake is over. As the server cannot see the information present in the HTTP header, it cannot possibly know which website to respond with.

How SNI Saved the Day (and Money!)

Before SNI was introduced, one had to purchase a unique IP address for every SSL certificate they had. This resulted in huge costs and expeditious consumption of IPv4 IP addresses. If not stopped, it would have led to rapid exhaustion of IPv4 IP addresses as there could only be around 4 billion IPv4 addresses. This depletion was inevitable, but the purpose was to delay it as much as possible to give the users enough time to migrate to IPv6, which can have around 340 undecillion (Yes, that’s a number!) unique IP addresses.

That’s why SNI had to be introduced.

SNI vs Non-SNI

Server Name Indication (SNI), an extension to the SSL/TLS protocol, allows multiple SSL certificates to be hosted on a single unique IP address. SNI does this by inserting the HTTP header (virtual domain) in the SSL/TLS handshake. As the server is able to see the virtual domain, it serves the client with the website he/she requested.

A win-win for everyone!

Is SNI Scalable?

The biggest and, perhaps, the only concern with SNI is its scalability. Initially, there weren’t many web browsers and servers supporting SNI technology. Today, that scenario has turned upside down. Almost 98 percent of the clients requesting an HTTPS-enabled site support SNI.

So, you don’t need to worry about losing your audience.

What Did We Learn?

  • TLS SNI allows running multiple SSL certificates on a single IP address.
  • SNI inserts the HTTP header in the SSL/TLS handshake so that the browser can be directed to the requested site.
  • Almost 98 percent of the clients requesting HTTPS support SNI.
  • SNI helps you save money as you don’t have to buy multiple IP addresses.
Server Name Indication IT

Published at DZone with permission of Jake Adley. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • Java Enterprise Matters: Why It All Comes Back to Jakarta EE
  • What They Don’t Teach You About Starting Your First IT Job
  • MySQL Formatter: How to Make Beautiful Code and Why You Need It
  • The Rise of Shadow AI: When Innovation Outpaces Governance

Partner Resources

×

Comments

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • [email protected]

Let's be friends: