DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
View Events Video Library
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Integrating PostgreSQL Databases with ANF: Join this workshop to learn how to create a PostgreSQL server using Instaclustr’s managed service

Mobile Database Essentials: Assess data needs, storage requirements, and more when leveraging databases for cloud and edge applications.

Monitoring and Observability for LLMs: Datadog and Google Cloud discuss how to achieve optimal AI model performance.

Automated Testing: The latest on architecture, TDD, and the benefits of AI and low-code tools.

Related

  • Unraveling Lombok's Code Design Pitfalls: Exploring Encapsulation Issues
  • You Can Keep Your Job, but It Won’t Be the Same Job
  • 10 Must-Have IT Certifications
  • Core Knowledge-Based Learning: Tips for Programmers To Stay Up-To-Date With Technology and Learn Faster

Trending

  • Exploring the Evolution and Impact of Computer Networks
  • A Better Web3 Experience: Account Abstraction From Flow (Part 1)
  • Supercharge Your Communication With Twilio and Ballerina
  • The Promise of Personal Data for Better Living

What Is SNI and How Does It Work?

Let's attempt to untangle the technology that is Server Name Indication (SNI).

Jake Adley user avatar by
Jake Adley
·
Dec. 12, 18 · Analysis
Like (3)
Save
Tweet
Share
53.52K Views

Join the DZone community and get the full member experience.

Join For Free

Want to know what is SNI and how it works? Well, you've come to the right place (not sure about the right time though). Quite often, this great technology goes under the radar, and that’s somewhat understandable. So, here we are doing what we always do – unscrambling the “technical” stuff.

Let’s get under the hood of the technology that is Server Name Indication.

HTTPS and IP Addresses: a Match NOT Made in Heaven

Let’s say you have five HTTP websites and you want to run them on a single IP address. What do you do? You use name-based hosts, that’s what. So, when a user requests a particular site out of five, it uses a unique HTTP header that includes hostname. In response, your server matches this header and paves the way to the requested website.

http client server interaction

However, this won’t work in the case of HTTPS. That’s because the HTTPS protocol uses an SSL/TLS handshake to enforce secure communications between the client (browser) and server. The HTTP header will only be sent once the handshake is over. As the server cannot see the information present in the HTTP header, it cannot possibly know which website to respond with.

How SNI Saved the Day (and Money!)

Before SNI was introduced, one had to purchase a unique IP address for every SSL certificate they had. This resulted in huge costs and expeditious consumption of IPv4 IP addresses. If not stopped, it would have led to rapid exhaustion of IPv4 IP addresses as there could only be around 4 billion IPv4 addresses. This depletion was inevitable, but the purpose was to delay it as much as possible to give the users enough time to migrate to IPv6, which can have around 340 undecillion (Yes, that’s a number!) unique IP addresses.

That’s why SNI had to be introduced.

SNI vs Non-SNI

Server Name Indication (SNI), an extension to the SSL/TLS protocol, allows multiple SSL certificates to be hosted on a single unique IP address. SNI does this by inserting the HTTP header (virtual domain) in the SSL/TLS handshake. As the server is able to see the virtual domain, it serves the client with the website he/she requested.

A win-win for everyone!

Is SNI Scalable?

The biggest and, perhaps, the only concern with SNI is its scalability. Initially, there weren’t many web browsers and servers supporting SNI technology. Today, that scenario has turned upside down. Almost 98 percent of the clients requesting an HTTPS-enabled site support SNI.

So, you don’t need to worry about losing your audience.

What Did We Learn?

  • TLS SNI allows running multiple SSL certificates on a single IP address.
  • SNI inserts the HTTP header in the SSL/TLS handshake so that the browser can be directed to the requested site.
  • Almost 98 percent of the clients requesting HTTPS support SNI.
  • SNI helps you save money as you don’t have to buy multiple IP addresses.
Server Name Indication IT

Published at DZone with permission of Jake Adley. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • Unraveling Lombok's Code Design Pitfalls: Exploring Encapsulation Issues
  • You Can Keep Your Job, but It Won’t Be the Same Job
  • 10 Must-Have IT Certifications
  • Core Knowledge-Based Learning: Tips for Programmers To Stay Up-To-Date With Technology and Learn Faster

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: