Server Name Indication

background

In order to check the authenticity of a website on the Internet as a user , digital certificates are usually used . Since the encrypted connection to the server is established before the requested URL is transmitted , it is not possible to use multiple domains under one IP address with TLS 1.0 / SSL encryption (so-called virtual hosting ). The reason for this restriction is that if there are several certificates, the server does not know which certificate, which is usually only valid for one domain, it should use. At the time of the specification of SSL / TLS the possibility of virtual hosting was not provided.

Procedure

In the extended SNI procedure, the browser transfers the domain name in the so-called server_name parameter to the server when the connection is established so that the server can select the appropriate certificate and use it for the TLS handshake .

So-called “wildcard certificates” with a canonical name like here * .wikipedia.org include any name in a domain. A certificate can also contain alternative names. Certificate providers charge higher fees for such certificates.

safety

The server_name parameter is transmitted unencrypted and can therefore easily be spied on by a third party who can eavesdrop on the connection. Under certain circumstances, this reveals more information than SSL / TLS without SNI, since the subsequently transmitted server certificate also contains the domain (s) for which it was issued in plain text. If the certificate is valid for several domains or is a wildcard certificate, the spying person would not find out the complete host name requested without the SNI.

Regardless of SSL / TLS and the HTTP protocol, third parties can also find out about the queried domain, since the domain must be resolved using DNS or DNSSEC to establish the connection . The full domain name (including the subdomain) is usually transmitted unencrypted. There are approaches to solving this problem with DNS over TLS or DNS over HTTPS .

In the case of many, especially larger, websites, it is also possible to use the IP address called up , as this cannot be encrypted due to the system. In the case of medium-sized websites, this is at least not possible for subdomains if they are on the same server.

Supported software

Norms and standards

Initially, Server Name Indication (SNI) was an optional protocol extension from TLS 1.0 from 1999 and has been improved and expanded several times:

• RFC 3546 Transport Layer Security (TLS) Extensions, Chapter 3.1 [2003, obsolete]
• RFC 4366 Transport Layer Security (TLS) Extensions, Chapter 3.1 [2006, obsolete]
• RFC 6066 Transport Layer Security (TLS) Extensions: Extension Definitions, Chapter 3 [2011, currently with additions from RFC 8446 from 2018]

Since TLS 1.3 of 2018, SNI has been part of the basic functional scope of TLS.

Web links

• Browser test for SNI

Individual evidence

1. ↑ Does Domino HTTP allow SSL certificates with SubjectAltName? IBM , accessed October 2, 2016 . 
2. ↑ ^{a b c d e} Server Name Indication (SNI). IBM, accessed October 2, 2016 . 
3. ↑ IIS 8 and IIS 8.5 SNI Browser Support . DigiCert. Accessed December 31, 2015.
4. ↑ http://code.google.com/p/android/issues/detail?id=12908#c15
5. ↑ https://bugzilla.mozilla.org/show_bug.cgi?id=765064
6. ↑ http://blogs.msdn.com/b/kaushal/archive/2012/09/04/server-name-indication-sni-in-iis-8-windows-server-2012.aspx
7. ↑ http://langui.sh/2010/06/08/sni-in-ios-4-0/
8. ↑ IBM HTTP Server SSL Questions and Answers . Publib.boulder.ibm.com. Retrieved March 8, 2011.
9. ↑ IHS 8 powered by Apache 2.2.x? . Publib.boulder.ibm.com. Retrieved March 8, 2011.
10. ↑ http://www.lighttpd.net/2009/10/25/1-4-24-now-with-tls-sni-and-money-back-guarantee
11. ↑ # 386 (TLS servername extension (SNI) for name-based TLS-vhosts)
12. ↑ https://www.hiawatha-webserver.org/changelog
13. ↑ Implement TLS Server Name Indication for servers . Bugzilla @ Mozilla. November 11, 2006. Retrieved October 30, 2012.
14. ↑ See RFC 8446 , Chapter 9.2 Mandatory-to-Implement Extensions.