Talk:Server Name Indication

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing / Networking (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by Networking task force.
 

What is the connection of SNI with phishing? Isn't the author of the relevant paragraph confusing this with DNS hijacking or similar attacks? Phishing is tricking the user (and not his browser) into visiting a different site, such as http://bankofamerica@onlinebanking.com/ instead of https://bankofamerica.com/onlinebanking

Https and SNI would be exactly of zero help here as:

  • the phisher could get a valid certificate for onlinebanking.com, as he does indeed own the site. Ok, if the user doubleclicked on the certificate, he would notice that something is amiss, but those who fall for phishing scams usually won't check certificates either
  • the phisher could just trick the user into visiting a fake http site instead of a https site

In none of the cases, the user would get a "bad certificate" popup. —Preceding unsigned comment added by 158.64.72.230 (talk) 07:43, 3 August 2010 (UTC)


Using the testing tool/site linked as a reference with Android 2.2.1, I get a result indicating SNI is not supported; thus, the assertion that Android's browser correctly supports SNI could probably use some clarification (at least to indicate a version number at which this support began). Charles-dyfis-net (talk) 23:06, 17 November 2010 (UTC)

Same here, on Android 2.2 via CyanogenMod 6, SNI isn't supported by the default browser -- Virtualblackfox (talk) 08:47, 23 November 2010 (UTC)
Tested on the official emulator for Android with both an 1.6 and a 2.2 image and it doesn't work so it don't seem supported at all -- Virtualblackfox (talk) 09:18, 23 November 2010 (UTC)

Chrome[edit]

"(Vista or higher. XP on Chrome 6 or newer."

This is confusing. First it reads like "Vista+", but then you can see that it also works on XP. Actually, I could successfully use it with XP and Chrome 9.0.x --87.165.175.69 (talk) 01:54, 3 March 2011 (UTC)

AIUI earlier versions of chrome used the windows SSL/TLS library so they only supported SNI on vista and higher. Newever versions ship their own SSL library so support SNI on all versions of windows. 130.88.108.187 (talk) 15:10, 25 May 2012 (UTC)

Accuracy[edit]

It's mentioned that some versions of IE still do not support SNI on XP. Since SNI is quickly becoming the standard and more companies who host multiple sites are relying on the technology, I'm requesting a few more references which give support to the claims in the Support section. If this can't be found, I think a bit more elaboration can be given, which would be helpful.

My understanding is MS consider the SSL/TLS implementation to be part of windows, not part of IE so it doesn't get updated when you update to a new IE version.
I've found a few sites claiming that IE on XP does not support it (including one from 2011 [1]) and i've found one source [2] claiming that someone claims XP SP3 fixes this and linking to a german blog entry [3] but I can't make out from the google translate what the blog post is actually saying. Anyone fancy running (yeah I know it's OR but IMO OR to decide whether to trust a source is different from OR to create completely new information) some tests with various IE versions and service packs to see what the actual situation is? Plugwash (talk) 13:56, 6 January 2012 (UTC)
I've reverted 521556297 which stated that IE8 under XP SP3 supports SNI - that's not the case as far as I can tell, per Microsoft ([4]) and testing of this specific OS/browser combination ([5]). Shanemadden (talk) 02:35, 22 November 2012 (UTC)

unrelated stuff in article[edit]

this article seems to contain a lot of stuff about SSL vs TLS that seems to be unrelated to the SNI extension. Plugwash (talk) 16:51, 6 June 2011 (UTC)

IIS 8[edit]

Does anyone have a source for the claim that IIS 8 will support this? --carelesshx talk 12:56, 23 January 2012 (UTC)

This blog post tells it --Erniecom (talk) 10:34, 4 June 2013 (UTC)--

Safari[edit]

There is no citation for Safari (the article claims v3+ is required). However, http://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm refers to "Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later)". Can anyone confirm if this version supports SNI? --AlastairIrvine (talk) 10:33, 12 July 2013 (UTC)

Real Stats[edit]

This page needs some real stats. The combined market share of IE <9 is 5-10% but I can't break the numbers down any further. — Preceding unsigned comment added by Indolering (talkcontribs) 04:52, 26 July 2013 (UTC)

"As of November 2012, "[edit]

Be serious - this article should be deleted as is. — Preceding unsigned comment added by 72.25.67.25 (talk) 18:48, 18 December 2013 (UTC)

Source for claim "Win7 WebDAV client doesn't support SNI" is INVALID[edit]

This footnote "SNI support in WebDAV over HTTPS". 2011-10-12. Retrieved 2014-02-11." linking to a Microsoft forum is not suitable to support the claim that "Win7 WebDAV client doesn't support SNI."

The discussion the link refers to is about s/o who have problems mounting a share that uses SNI in Windows 7. Then s/o from Microsoft answer, pointing them to a completely unrelated source. Then the discussion is closed by the moderator.

So I can't see how this helps confirming the claim.

RalfBergs (talk) 22:18, 17 March 2014 (UTC)