Talk:Server Name Indication
|WikiProject Computing / Networking / Software / Security||(Rated Start-class, Low-importance)|
What is the connection of SNI with phishing? Isn't the author of the relevant paragraph confusing this with DNS hijacking or similar attacks? Phishing is tricking the user (and not his browser) into visiting a different site, such as http://email@example.com/ instead of https://bankofamerica.com/onlinebanking
Https and SNI would be exactly of zero help here as:
- the phisher could get a valid certificate for onlinebanking.com, as he does indeed own the site. Ok, if the user doubleclicked on the certificate, he would notice that something is amiss, but those who fall for phishing scams usually won't check certificates either
- the phisher could just trick the user into visiting a fake http site instead of a https site
Using the testing tool/site linked as a reference with Android 2.2.1, I get a result indicating SNI is not supported; thus, the assertion that Android's browser correctly supports SNI could probably use some clarification (at least to indicate a version number at which this support began). Charles-dyfis-net (talk) 23:06, 17 November 2010 (UTC)
- Same here, on Android 2.2 via CyanogenMod 6, SNI isn't supported by the default browser -- Virtualblackfox (talk) 08:47, 23 November 2010 (UTC)
"(Vista or higher. XP on Chrome 6 or newer."
This is confusing. First it reads like "Vista+", but then you can see that it also works on XP. Actually, I could successfully use it with XP and Chrome 9.0.x --188.8.131.52 (talk) 01:54, 3 March 2011 (UTC)
- AIUI earlier versions of chrome used the windows SSL/TLS library so they only supported SNI on vista and higher. Newever versions ship their own SSL library so support SNI on all versions of windows. 184.108.40.206 (talk) 15:10, 25 May 2012 (UTC)
It's mentioned that some versions of IE still do not support SNI on XP. Since SNI is quickly becoming the standard and more companies who host multiple sites are relying on the technology, I'm requesting a few more references which give support to the claims in the Support section. If this can't be found, I think a bit more elaboration can be given, which would be helpful.
- My understanding is MS consider the SSL/TLS implementation to be part of windows, not part of IE so it doesn't get updated when you update to a new IE version.
- I've found a few sites claiming that IE on XP does not support it (including one from 2011 ) and i've found one source  claiming that someone claims XP SP3 fixes this and linking to a german blog entry  but I can't make out from the google translate what the blog post is actually saying. Anyone fancy running (yeah I know it's OR but IMO OR to decide whether to trust a source is different from OR to create completely new information) some tests with various IE versions and service packs to see what the actual situation is? Plugwash (talk) 13:56, 6 January 2012 (UTC)
- I've reverted 521556297 which stated that IE8 under XP SP3 supports SNI - that's not the case as far as I can tell, per Microsoft () and testing of this specific OS/browser combination (). Shanemadden (talk) 02:35, 22 November 2012 (UTC)
There is no citation for Safari (the article claims v3+ is required). However, http://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm refers to "Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later)". Can anyone confirm if this version supports SNI? --AlastairIrvine (talk) 10:33, 12 July 2013 (UTC)
This page needs some real stats. The combined market share of IE <9 is 5-10% but I can't break the numbers down any further. — Preceding unsigned comment added by Indolering (talk • contribs) 04:52, 26 July 2013 (UTC)
"As of November 2012, "
- Disagree. The article is relevant and useful. It should not be deleted. David Spector (talk) 17:14, 26 October 2017 (UTC)
Source for claim "Win7 WebDAV client doesn't support SNI" is INVALID
This footnote "SNI support in WebDAV over HTTPS". 2011-10-12. Retrieved 2014-02-11." linking to a Microsoft forum is not suitable to support the claim that "Win7 WebDAV client doesn't support SNI."
The discussion the link refers to is about s/o who have problems mounting a share that uses SNI in Windows 7. Then s/o from Microsoft answer, pointing them to a completely unrelated source. Then the discussion is closed by the moderator.
So I can't see how this helps confirming the claim.
SNI depends upon the SChannel system component shipped with Windows Vista
If SNI depends upon the SChannel system component shipped with Windows Vista then how does Chrome on XP support SNI?
The answer is SNI DOES NOT depend upon the SChannel system component shipped with Windows Vista. This is clearly a factual inaccuracy.
User-visible impact missing
The article doesn't seem to discuss how the use of SNI impacts users in various roles, if at all.
Are new headers needed to be specified in .htaccess files or PHP programming? Are new diectives needed in Apache configuration and in other server software? Is there any impact on WHM or CPanel commands or configuration? Is there any impact on manual (OpenSSL, WHM/CPanel) or automatic (certbot) certificate generation? David Spector (talk) 17:12, 26 October 2017 (UTC)
nginx is not only a web server, but also a mail forwarder, and it only supports SNI for HTTP, not SMTP/IMAP. I think this should be mentionned, but as it is listed as a "Web Server" it could be misleading, and didn't want to add it myself. — Preceding unsigned comment added by 2A01:E34:EC00:5560:E57D:4F15:646F:1A17 (talk) 16:13, 28 April 2019 (UTC)