In more detail, when making a TLS connection, the client requests a digital certificate from the web server. Hence, if one physical server hosts multiple sites, the server has no way to know which certificate to use in the TLS protocol. Prior to SNI, when making a TLS connection, the client had no way to specify which site it is trying to connect to. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS.
This allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure ( HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. Server Name Indication ( SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. TLS extension for serve multiple HTTPS sites at the same IP address with different certificates
0 kommentar(er)
