{"id":25071,"date":"2022-02-02T15:03:31","date_gmt":"2022-02-02T15:03:31","guid":{"rendered":"https:\/\/1-grid.com\/knowledge\/what-is-sni\/"},"modified":"2023-08-30T14:56:25","modified_gmt":"2023-08-30T14:56:25","slug":"what-is-sni","status":"publish","type":"ht_kb","link":"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/","title":{"rendered":"What Is SNI?"},"content":{"rendered":"<blockquote><p>This article provides you with information regarding SNI<\/p><\/blockquote>\n<p><span style=\"font-size: 24px; color: #000000;\"><strong>What is SNI (Server Name Indication)?<\/strong><\/span><\/p>\n<p><span style=\"color: #000000;\">SNI is somewhat like mailing a package to an apartment building instead of a house. When mailing something to someone&#8217;s house, the street address alone is enough to get the package to the right person. But when a package goes to an apartment building, it needs the apartment number in addition to the street address; otherwise, the package might not go to the right person or might not be delivered at all.<\/span><\/p>\n<p><span style=\"color: #000000;\">Many web servers are more like apartment buildings than houses: They host several domain names, and so the IP address alone is not enough to indicate which domain a user is trying to reach. This can result in the server showing the wrong\u00a0SSL certificate, which prevents or terminates an HTTPS connection \u2013 just like a package can&#8217;t be delivered to an address if the correct person doesn&#8217;t sign for it.<\/span><\/p>\n<p><span style=\"color: #000000;\">When multiple websites are hosted on one server and share a single IP address, and each website has its own SSL certificate, the server may not know which SSL certificate to show when a client device tries to securely connect to one of the websites. This is because the SSL\/TLS handshake occurs before the client device indicates over HTTP which website it&#8217;s connecting to.<\/span><\/p>\n<p><span style=\"color: #000000;\">Server Name Indication (SNI) is designed to solve this problem. SNI is an extension for the\u00a0TLS protocol (formerly known as the\u00a0SSL protocol), which is used in HTTPS. It&#8217;s included in the\u00a0TLS\/SSL handshake process in order to ensure that client devices are able to see the correct SSL certificate for the website they are trying to reach. The extension makes it possible to specify the hostname, or\u00a0domain name, of the website during the TLS handshake, instead of when the\u00a0HTTP connection opens after the handshake.<\/span><\/p>\n<p><span style=\"color: #000000;\">More simply put, SNI makes it possible for a user device to open a secure connection with<\/span> <a href=\"https:\/\/www.example.com\" rel=\"noreferrer\">https:\/\/www.example.com<\/a> <span style=\"color: #000000;\">even if that website is hosted in the same place (same IP address) as<\/span> <a href=\"https:\/\/www.something.com\" rel=\"noreferrer\">https:\/\/www.something.com<\/a>, <a href=\"https:\/\/www.another-website.com\" rel=\"noreferrer\">https:\/\/www.another-website.com<\/a>, <span style=\"color: #000000;\">and<\/span> <a href=\"https:\/\/www.example.io\">https:\/\/www.example.io<\/a>.<\/p>\n<p><span style=\"color: #000000;\">SNI prevents what&#8217;s known as a &#8220;common name mismatch error&#8221;: when a\u00a0client (user) device reaches the right\u00a0IP address for a website, but the name on the SSL certificate doesn&#8217;t match the name of the website. Often this kind of error results in a &#8220;Your connection is not private&#8221; error message in the user&#8217;s browser.<\/span><\/p>\n<p><span style=\"color: #000000;\">SNI was added as an extension to TLS\/SSL in 2003; it was not originally a part of the protocol. Almost all browsers, operating systems, and web servers support it, with the exception of some of the very oldest browsers and operating systems that are still in use.<\/span><\/p>\n<h2 style=\"box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif; font-weight: 400; line-height: 35px; color: #000000; margin-bottom: 0px; margin-left: 0px; font-size: 1.5em; text-align: start; text-indent: 0px;\"><\/h2>\n<h2><span style=\"font-size: 24px; color: #000000;\"><strong>What does the TLS SNI extension do?<\/strong><\/span><\/h2>\n<p><span style=\"color: #000000;\">Often a web server is responsible for multiple hostnames \u2013 or domain names (which are the human-readable names of websites). Each hostname will have its own SSL certificate if the websites use\u00a0HTTPS.<\/span><\/p>\n<p><span style=\"color: #000000;\">The problem is, all these hostnames on one server are at the same IP address. This isn&#8217;t a problem over HTTP, because as soon as a\u00a0TCP connection is opened the client will indicate which website they&#8217;re trying to reach in an HTTP request.<\/span><\/p>\n<p><span style=\"color: #000000;\">But in HTTPS, a TLS handshake takes place first, before the HTTP conversation can begin (HTTPS still uses HTTP \u2013 it just encrypts the HTTP messages). Without SNI, then, there is no way for the client to indicate to the server which hostname they&#8217;re talking to. As a result, the server may produce the SSL certificate for the wrong hostname. If the name on the SSL certificate does not match the name the client is trying to reach, the client browser returns an error and usually terminates the connection.<\/span><\/p>\n<p><span style=\"color: #000000;\">SNI adds the domain name to the TLS handshake process so that the TLS process reaches the right domain name and receives the correct SSL certificate, enabling the rest of the TLS handshake to proceed as normal.<\/span><\/p>\n<p><span style=\"color: #000000;\">Specifically, SNI includes the hostname in the Client Hello message or the very first step of a TLS handshake.<\/span><\/p>\n<h2><span style=\"font-size: 24px; color: #000000;\"><strong>What is a hostname? What is a virtual hostname?<\/strong><\/span><\/h2>\n<p><span style=\"color: #000000;\">A hostname is the name of a device that connects to a network. In the context of the Internet, a domain name, or the name of a website, is a kind of hostname. Both are separate from the IP address associated with the domain name.<\/span><\/p>\n<p><span style=\"color: #000000;\">A virtual hostname is a hostname that doesn&#8217;t have its own IP address and is hosted on a server along with other hostnames. It is &#8220;virtual&#8221; in that it doesn&#8217;t have a dedicated physical server, just as virtual reality exists only digitally, not in the physical world.<\/span><\/p>\n<h2><span style=\"font-size: 24px; color: #000000;\"><strong>What happens if a user&#8217;s browser doesn&#8217;t support SNI?<\/strong><\/span><\/h2>\n<p><span style=\"color: #000000;\">In this rare case, the user will likely be unable to reach certain websites, and the user&#8217;s browser will return an error message like &#8220;Your connection is not private.&#8221;<\/span><\/p>\n<p><span style=\"color: #000000;\">The vast majority of browsers and operating systems support SNI. Only very old versions of Internet Explorer, old versions of the BlackBerry operating system, and other outdated software versions do not support SNI.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article provides you with information regarding SNI What is SNI (Server Name Indication)? SNI is somewhat like mailing a package to an apartment building instead of a house. When mailing something to someone&#8217;s house, the street address alone is enough to get the package to the right person. But&#8230;<\/p>\n","protected":false},"author":21,"comment_status":"open","ping_status":"open","template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"ht-kb-category":[21],"ht-kb-tag":[547,930,951,1118],"class_list":["post-25071","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-ssl-certificates","ht_kb_tag-is","ht_kb_tag-sni","ht_kb_tag-ssl-certificates-and-website-security","ht_kb_tag-what"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Is SNI? - 1-grid Knowledge Base<\/title>\n<meta name=\"description\" content=\"This article provides you with information regarding SNI 1-grid Knowledge Base What Is SNI? 1-grid Knowledge Base\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is SNI? - 1-grid Knowledge Base\" \/>\n<meta property=\"og:description\" content=\"This article provides you with information regarding SNI 1-grid Knowledge Base What Is SNI? 1-grid Knowledge Base\" \/>\n<meta property=\"og:url\" content=\"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/\" \/>\n<meta property=\"og:site_name\" content=\"1-grid Knowledge Base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/1grid.co.za\/\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-30T14:56:25+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@1grid_hosting\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/\",\"name\":\"What Is SNI? - 1-grid Knowledge Base\",\"isPartOf\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#website\"},\"datePublished\":\"2022-02-02T15:03:31+00:00\",\"dateModified\":\"2023-08-30T14:56:25+00:00\",\"description\":\"This article provides you with information regarding SNI 1-grid Knowledge Base What Is SNI? 1-grid Knowledge Base\",\"breadcrumb\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/1grid.co.za\/knowledge\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is SNI?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#website\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/\",\"name\":\"1-Grid Domain Hosting Knowledge Base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/1grid.co.za\/knowledge\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#organization\",\"name\":\"1-Grid Domain Hosting Knowledge Base\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg\",\"contentUrl\":\"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg\",\"width\":100,\"height\":100,\"caption\":\"1-Grid Domain Hosting Knowledge Base\"},\"image\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/1grid.co.za\/\",\"https:\/\/twitter.com\/1grid_hosting\",\"https:\/\/www.instagram.com\/1grid_hosting\/\",\"https:\/\/za.linkedin.com\/company\/1-grid\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is SNI? - 1-grid Knowledge Base","description":"This article provides you with information regarding SNI 1-grid Knowledge Base What Is SNI? 1-grid Knowledge Base","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"What Is SNI? - 1-grid Knowledge Base","og_description":"This article provides you with information regarding SNI 1-grid Knowledge Base What Is SNI? 1-grid Knowledge Base","og_url":"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/","og_site_name":"1-grid Knowledge Base","article_publisher":"https:\/\/www.facebook.com\/1grid.co.za\/","article_modified_time":"2023-08-30T14:56:25+00:00","twitter_card":"summary_large_image","twitter_site":"@1grid_hosting","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/","url":"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/","name":"What Is SNI? - 1-grid Knowledge Base","isPartOf":{"@id":"https:\/\/1grid.co.za\/knowledge\/#website"},"datePublished":"2022-02-02T15:03:31+00:00","dateModified":"2023-08-30T14:56:25+00:00","description":"This article provides you with information regarding SNI 1-grid Knowledge Base What Is SNI? 1-grid Knowledge Base","breadcrumb":{"@id":"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/1grid.co.za\/knowledge\/what-is-sni\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/1grid.co.za\/knowledge\/what-is-sni\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/1grid.co.za\/knowledge\/"},{"@type":"ListItem","position":2,"name":"What Is SNI?"}]},{"@type":"WebSite","@id":"https:\/\/1grid.co.za\/knowledge\/#website","url":"https:\/\/1grid.co.za\/knowledge\/","name":"1-Grid Domain Hosting Knowledge Base","description":"","publisher":{"@id":"https:\/\/1grid.co.za\/knowledge\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/1grid.co.za\/knowledge\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/1grid.co.za\/knowledge\/#organization","name":"1-Grid Domain Hosting Knowledge Base","url":"https:\/\/1grid.co.za\/knowledge\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/","url":"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg","contentUrl":"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg","width":100,"height":100,"caption":"1-Grid Domain Hosting Knowledge Base"},"image":{"@id":"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/1grid.co.za\/","https:\/\/twitter.com\/1grid_hosting","https:\/\/www.instagram.com\/1grid_hosting\/","https:\/\/za.linkedin.com\/company\/1-grid"]}]}},"_links":{"self":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb\/25071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/comments?post=25071"}],"version-history":[{"count":2,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb\/25071\/revisions"}],"predecessor-version":[{"id":30940,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb\/25071\/revisions\/30940"}],"wp:attachment":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/media?parent=25071"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb-category?post=25071"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb-tag?post=25071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}