Server Name Indication

Server Name Indication (SNI) is a feature that extends the SSL and TLS protocols to indicate what hostname the client is attempting to connect to at the start of the handshaking process. By doing so it allows a server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites to be served off the same IP address without requiring all those sites to use the same certificate.

Unfortunately to make use of SNI practical it is necessary that the vast majority of users are using web browsers that support it. Users whose browsers do not support SNI will be presented with a default certificate and hence are likely to receive certificate warnings. As of 2011 there are still many users of browsers that do not support SNI.

Contents

Background of the problem

When making a SSL/TLS connection the client requests a digital certificate from the server; once the server sends the certificate, the client examines it and compares the name it was trying to connect to with the name(s) included in the certificate. If a match is found the connection proceeds as normal. If a match is not found the user may be warned of the discrepancy and the connection may be aborted as the mismatch may indicate an attempted man-in-the-middle attack.

It is possible for one certificate to cover multiple names. The X.509 v3 specification introduced the so-called subjectAltName field which allows one certificate to specify more than one domain and it is possible to have wildcards in both the common name and subjectAltName fields. However it may be impractical to obtain a single certificate that covers all names a server will be responsible for. As such a server that is responsible for multiple hostnames is likely to need to present a different certificate for each name (or small group of names). Since 2005, CAcert has run experiments on different methods of using TLS on virtual servers.[1] Most of the experiments are unsatisfactory and impractical. For example, it is possible to use subjectAltName to contain multiple domains controlled by one person[2] in a single certificate. Such "unified communications certificates" are reissued every time the list of domains changes.

Name-based based virtual hosting allows multiple DNS hostnames to be hosted by a single server (usually a web server) on the same IP address. To achieve this the server uses a hostname presented by the client as part of the protocol (for HTTP the name is presented in the host header). However when using HTTPS the SSL/TLS handshake happens before the server sees any HTTP headers. Therefore it is not possible for the server to use the information in the HTTP host header to decide which certificate to present and as such only names covered by the same certificate can be served from the same IP address.

In practice, this means that a HTTP server can only serve one domain (or small group of domains) per IP address for secured browsing. Assigning a separate IP address for each site increases the cost of hosting since requests for IP addresses must be justified to the regional internet registry and IPv4 addresses are now in short supply. The result is that many websites are effectively prevented from using secure communications.

How SNI fixes the problem

An extension to TLS called Server Name Indication (SNI) addresses this issue by sending the name of the virtual domain as part of the TLS negotiation.[3] This enables the server to select the correct virtual domain early and present the browser with the certificate containing the correct name. Therefore with clients and servers that support SNI a single IP address can be used to serve a group of domain names for which it is impractical to get a common certificate.

Support

In 2004, a patch for TLS/SNI into OpenSSL was created by the EdelKey project.[4] In 2006, this patch was then ported to the development branch of OpenSSL, and in 2007 it was back-ported to OpenSSL 0.9.8.

To support SNI the SSL/TLS library used by an application must support it and the application must pass the hostname to the SSL/TLS library. Further complicating matters the SSL/TLS library may be either shipped as part of the application or may be a component of the operating system. As a result of this some browsers support SNI on all operating systems while others only support it on a subset of operating systems. As of 2011 most web browsers and SSL libraries have implemented support for SNI but there are still a large number of users still using combinations of browser and operating system that do not support it.

Browsers with support for TLS server name indication
[5]
Servers
Libraries

No support

The following combinations do not support SNI:

Client side
Server side
Libraries

References

  1. ^ "CAcert VHostTaskForce". CAcert Wik. http://wiki.cacert.org/wiki/VhostTaskForce. 
  2. ^ "What is a Multiple Domain (UCC) SSL Certificate?". http://help.godaddy.com/article/3908?locale=en. 
  3. ^ "TLS Server Name Indication". Paul's Journal. http://journal.paul.querna.org/articles/2005/04/24/tls-server-name-indication/. 
  4. ^ "EdelKey Project". http://www.edelweb.fr/EdelKey/. 
  5. ^ Brand, Kaspar (2009-03-29). "TLS SNI Test Site". https://sni.velox.ch/. 
  6. ^ "Google Chrome, Issue 43142, Use SSLClientSocketNSS on Windows by default". 2010-10-29 - Although many report Chrome 8 does not work with SNI on XP and Win7. https://code.google.com/p/chromium/issues/detail?id=43142. 
  7. ^ "Bug 122433: Server Name Identification support". Bugs.kde.org. https://bugs.kde.org/show_bug.cgi?id=122433. Retrieved 2011-07-18. 
  8. ^ Kehrer, Paul. "SNI in iOS 4.0". http://langui.sh/2010/06/08/sni-in-ios-4-0/. Retrieved 22 November 2010. 
  9. ^ "Issue 12908 - android Https - websites that support Server Name Indication (SNI) don't work". code.google.com. http://code.google.com/p/android/issues/detail?id=12908#c13. Retrieved 23 August 2011. 
  10. ^ "Bug 34607: Support for Server Name Indication". Apache Software Foundation. https://issues.apache.org/bugzilla/show_bug.cgi?id=34607. 
  11. ^ "Revision 776281: adding support for Server Name Indication to the Apache 2.2.x branch". Apache Software Foundation. http://svn.apache.org/viewvc?view=rev&revision=776281. 
  12. ^ "CHANGES: Server Name Indication support is listed under the changes for Apache 2.2.12". Apache Software Foundation. http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES. 
  13. ^ Notaras, George (2007-08-10). "SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls". http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/. 
  14. ^ "#386 (TLS servername extension (SNI) for namebased TLS-vhosts)". Trac.lighttpd.net. http://trac.lighttpd.net/trac/ticket/386. Retrieved 2011-03-08. 
  15. ^ "1.4.24 - now with TLS SNI and money back guarantee". Blog.lighttpd.net. http://blog.lighttpd.net/articles/2009/10/25/lighttpd-1-4-24-released. Retrieved 2011-03-08. 
  16. ^ "Apsis Gmbh". apsis.ch. http://www.apsis.ch/pound/. Retrieved 2011-08-18. 
  17. ^ "NSS 3.11.1 Release Notes". Mozilla.org. http://www.mozilla.org/projects/security/pki/nss/nss-3.11.1/nss-3.11.1-release-notes.html. Retrieved 2011-03-08. 
  18. ^ "TLS Extensions". Gnu.org. 2010-08-01. http://www.gnu.org/software/gnutls/manual/html_node/TLS-Extensions.html. Retrieved 2011-03-08. 
  19. ^ a b "Support TLS SNI extension in ssl module". Bugs.python.org. http://bugs.python.org/issue5639. Retrieved 2011-03-08. 
  20. ^ a b "QTBUG-1352. It would be useful if QSslSocket supports TLS extensions such as Server Name Indication as per RFC 3546.". Qt Bug Tracker. http://bugreports.qt.nokia.com/browse/QTBUG-1352. Retrieved 2011-04-15. 
  21. ^ "Java SE 7 Release Security Enhancements". download.oracle.com. http://download.oracle.com/javase/7/docs/technotes/guides/security/enhancements7.html. Retrieved 1 September 2011. 
  22. ^ "Bugs: bug #26786, TLS SNI support". GNU Wget. 2010-10-29. https://savannah.gnu.org/bugs/?func=detailitem&item_id=26786. 
  23. ^ "Understanding Certificate Name Mismatches". Blogs.msdn.com. http://blogs.msdn.com/b/ieinternals/archive/2009/12/07/certificate-name-mismatch-warnings-and-server-name-indication.aspx. Retrieved 2011-03-08. 
  24. ^ "Android issue 1290 - Https websites that support Server Name Indication (SNI) don't work". Code.google.com. 2010-12-01. http://code.google.com/p/android/issues/detail?id=12908. Retrieved 2011-12-13. 
  25. ^ "IBM HTTP Server SSL Questions and Answers". Publib.boulder.ibm.com. http://publib.boulder.ibm.com/httpserv/ihsdiag/ssl_questions.html#SNI. Retrieved 2011-03-08. 
  26. ^ "NSS Roadmap (as of 11 September 2009)". Wiki.mozilla.org. https://wiki.mozilla.org/NSS:Roadmap#NSS_3.12. Retrieved 2011-03-08. 

External links