Talk:Server Name Indication

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
WikiProject Computing / Networking / Software / Security (Rated Start-class, Low-importance)
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by Networking task force (marked as Mid-importance).
Taskforce icon
This article is supported by WikiProject Software (marked as Low-importance).
Taskforce icon
This article is supported by WikiProject Computer Security (marked as Low-importance).
Things you can help WikiProject Computer Security with:
Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...
  • Answer question about Same-origin_policy
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.


What is the connection of SNI with phishing? Isn't the author of the relevant paragraph confusing this with DNS hijacking or similar attacks? Phishing is tricking the user (and not his browser) into visiting a different site, such as instead of

Https and SNI would be exactly of zero help here as:

  • the phisher could get a valid certificate for, as he does indeed own the site. Ok, if the user doubleclicked on the certificate, he would notice that something is amiss, but those who fall for phishing scams usually won't check certificates either
  • the phisher could just trick the user into visiting a fake http site instead of a https site

In none of the cases, the user would get a "bad certificate" popup. —Preceding unsigned comment added by (talk) 07:43, 3 August 2010 (UTC)[reply]


Using the testing tool/site linked as a reference with Android 2.2.1, I get a result indicating SNI is not supported; thus, the assertion that Android's browser correctly supports SNI could probably use some clarification (at least to indicate a version number at which this support began). Charles-dyfis-net (talk) 23:06, 17 November 2010 (UTC)[reply]

Same here, on Android 2.2 via CyanogenMod 6, SNI isn't supported by the default browser -- Virtualblackfox (talk) 08:47, 23 November 2010 (UTC)[reply]
Tested on the official emulator for Android with both an 1.6 and a 2.2 image and it doesn't work so it don't seem supported at all -- Virtualblackfox (talk) 09:18, 23 November 2010 (UTC)[reply]


"(Vista or higher. XP on Chrome 6 or newer."

This is confusing. First it reads like "Vista+", but then you can see that it also works on XP. Actually, I could successfully use it with XP and Chrome 9.0.x -- (talk) 01:54, 3 March 2011 (UTC)[reply]

AIUI earlier versions of chrome used the windows SSL/TLS library so they only supported SNI on vista and higher. Newever versions ship their own SSL library so support SNI on all versions of windows. (talk) 15:10, 25 May 2012 (UTC)[reply]


It's mentioned that some versions of IE still do not support SNI on XP. Since SNI is quickly becoming the standard and more companies who host multiple sites are relying on the technology, I'm requesting a few more references which give support to the claims in the Support section. If this can't be found, I think a bit more elaboration can be given, which would be helpful.

My understanding is MS consider the SSL/TLS implementation to be part of windows, not part of IE so it doesn't get updated when you update to a new IE version.
I've found a few sites claiming that IE on XP does not support it (including one from 2011 [1]) and i've found one source [2] claiming that someone claims XP SP3 fixes this and linking to a german blog entry [3] but I can't make out from the google translate what the blog post is actually saying. Anyone fancy running (yeah I know it's OR but IMO OR to decide whether to trust a source is different from OR to create completely new information) some tests with various IE versions and service packs to see what the actual situation is? Plugwash (talk) 13:56, 6 January 2012 (UTC)[reply]
I've reverted 521556297 which stated that IE8 under XP SP3 supports SNI - that's not the case as far as I can tell, per Microsoft ([4]) and testing of this specific OS/browser combination ([5]). Shanemadden (talk) 02:35, 22 November 2012 (UTC)[reply]

unrelated stuff in article[edit]

this article seems to contain a lot of stuff about SSL vs TLS that seems to be unrelated to the SNI extension. Plugwash (talk) 16:51, 6 June 2011 (UTC)[reply]

IIS 8[edit]

Does anyone have a source for the claim that IIS 8 will support this? --carelesshx talk 12:56, 23 January 2012 (UTC)[reply]

This blog post tells it --Erniecom (talk) 10:34, 4 June 2013 (UTC)--[reply]


There is no citation for Safari (the article claims v3+ is required). However, refers to "Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later)". Can anyone confirm if this version supports SNI? --AlastairIrvine (talk) 10:33, 12 July 2013 (UTC)[reply]

Real Stats[edit]

This page needs some real stats. The combined market share of IE <9 is 5-10% but I can't break the numbers down any further. — Preceding unsigned comment added by Indolering (talkcontribs) 04:52, 26 July 2013 (UTC)[reply]

"As of November 2012, "[edit]

Be serious - this article should be deleted as is. — Preceding unsigned comment added by (talk) 18:48, 18 December 2013 (UTC)[reply]

Disagree. The article is relevant and useful. It should not be deleted. David Spector (talk) 17:14, 26 October 2017 (UTC)[reply]

Source for claim "Win7 WebDAV client doesn't support SNI" is INVALID[edit]

This footnote "SNI support in WebDAV over HTTPS". 2011-10-12. Retrieved 2014-02-11." linking to a Microsoft forum is not suitable to support the claim that "Win7 WebDAV client doesn't support SNI."

The discussion the link refers to is about s/o who have problems mounting a share that uses SNI in Windows 7. Then s/o from Microsoft answer, pointing them to a completely unrelated source. Then the discussion is closed by the moderator.

So I can't see how this helps confirming the claim.

RalfBergs (talk) 22:18, 17 March 2014 (UTC)[reply]

SNI depends upon the SChannel system component shipped with Windows Vista[edit]

If SNI depends upon the SChannel system component shipped with Windows Vista then how does Chrome on XP support SNI?

The answer is SNI DOES NOT depend upon the SChannel system component shipped with Windows Vista. This is clearly a factual inaccuracy.

User-visible impact missing[edit]

The article doesn't seem to discuss how the use of SNI impacts users in various roles, if at all.

Are new headers needed to be specified in .htaccess files or PHP programming? Are new diectives needed in Apache configuration and in other server software? Is there any impact on WHM or CPanel commands or configuration? Is there any impact on manual (OpenSSL, WHM/CPanel) or automatic (certbot) certificate generation? David Spector (talk) 17:12, 26 October 2017 (UTC)[reply]


nginx is not only a web server, but also a mail forwarder, and it only supports SNI for HTTP, not SMTP/IMAP. I think this should be mentionned, but as it is listed as a "Web Server" it could be misleading, and didn't want to add it myself. — Preceding unsigned comment added by 2A01:E34:EC00:5560:E57D:4F15:646F:1A17 (talk) 16:13, 28 April 2019 (UTC)[reply]