Talk:Server Name Indication

Phishing?
What is the connection of SNI with phishing? Isn't the author of the relevant paragraph confusing this with DNS hijacking or similar attacks? Phishing is tricking the user (and not his browser) into visiting a different site, such as http://bankofamerica@onlinebanking.com/ instead of https://bankofamerica.com/onlinebanking

Https and SNI would be exactly of zero help here as:
 * the phisher could get a valid certificate for onlinebanking.com, as he does indeed own the site. Ok, if the user doubleclicked on the certificate, he would notice that something is amiss, but those who fall for phishing scams usually won't check certificates either
 * the phisher could just trick the user into visiting a fake http site instead of a https site

In none of the cases, the user would get a "bad certificate" popup. —Preceding unsigned comment added by 158.64.72.230 (talk) 07:43, 3 August 2010 (UTC)

Android
Using the testing tool/site linked as a reference with Android 2.2.1, I get a result indicating SNI is not supported; thus, the assertion that Android's browser correctly supports SNI could probably use some clarification (at least to indicate a version number at which this support began). Charles-dyfis-net (talk) 23:06, 17 November 2010 (UTC)
 * Same here, on Android 2.2 via CyanogenMod 6, SNI isn't supported by the default browser -- Virtualblackfox (talk) 08:47, 23 November 2010 (UTC)
 * Tested on the official emulator for Android with both an 1.6 and a 2.2 image and it doesn't work so it don't seem supported at all -- Virtualblackfox (talk) 09:18, 23 November 2010 (UTC)

Chrome
"(Vista or higher. XP on Chrome 6 or newer."

This is confusing. First it reads like "Vista+", but then you can see that it also works on XP. Actually, I could successfully use it with XP and Chrome 9.0.x --87.165.175.69 (talk) 01:54, 3 March 2011 (UTC)
 * AIUI earlier versions of chrome used the windows SSL/TLS library so they only supported SNI on vista and higher. Newever versions ship their own SSL library so support SNI on all versions of windows. 130.88.108.187 (talk) 15:10, 25 May 2012 (UTC)
 * Marygrace fajardo maglanding pokpok tarantadong hudas 120.29.78.122 (talk) 23:09, 11 March 2023 (UTC)

Accuracy
It's mentioned that some versions of IE still do not support SNI on XP. Since SNI is quickly becoming the standard and more companies who host multiple sites are relying on the technology, I'm requesting a few more references which give support to the claims in the Support section. If this can't be found, I think a bit more elaboration can be given, which would be helpful.
 * My understanding is MS consider the SSL/TLS implementation to be part of windows, not part of IE so it doesn't get updated when you update to a new IE version.
 * I've found a few sites claiming that IE on XP does not support it (including one from 2011 ) and i've found one source claiming that someone claims XP SP3 fixes this and linking to a german blog entry  but I can't make out from the google translate what the blog post is actually saying. Anyone fancy running (yeah I know it's OR but IMO OR to decide whether to trust a source is different from OR to create completely new information) some tests with various IE versions and service packs to see what the actual situation is? Plugwash (talk) 13:56, 6 January 2012 (UTC)
 * I've reverted 521556297 which stated that IE8 under XP SP3 supports SNI - that's not the case as far as I can tell, per Microsoft and testing of this specific OS/browser combination . Shanemadden (talk) 02:35, 22 November 2012 (UTC)

unrelated stuff in article
this article seems to contain a lot of stuff about SSL vs TLS that seems to be unrelated to the SNI extension. Plugwash (talk) 16:51, 6 June 2011 (UTC)

IIS 8
Does anyone have a source for the claim that IIS 8 will support this? --carelesshx talk 12:56, 23 January 2012 (UTC)

This blog post tells it --Erniecom (talk) 10:34, 4 June 2013 (UTC)--

Safari
There is no citation for Safari (the article claims v3+ is required). However, http://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm refers to "Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later)". Can anyone confirm if this version supports SNI? --AlastairIrvine (talk) 10:33, 12 July 2013 (UTC)

Real Stats
This page needs some real stats. The combined market share of IE <9 is 5-10% but I can't break the numbers down any further. — Preceding unsigned comment added by Indolering (talk • contribs) 04:52, 26 July 2013 (UTC)

"As of November 2012, "
Be serious - this article should be deleted as is. — Preceding unsigned comment added by 72.25.67.25 (talk) 18:48, 18 December 2013 (UTC)


 * Disagree. The article is relevant and useful. It should not be deleted. David Spector (talk) 17:14, 26 October 2017 (UTC)

Source for claim "Win7 WebDAV client doesn't support SNI" is INVALID
This footnote "SNI support in WebDAV over HTTPS". 2011-10-12. Retrieved 2014-02-11." linking to a Microsoft forum is not suitable to support the claim that "Win7 WebDAV client doesn't support SNI."

The discussion the link refers to is about s/o who have problems mounting a share that uses SNI in Windows 7. Then s/o from Microsoft answer, pointing them to a completely unrelated source. Then the discussion is closed by the moderator.

So I can't see how this helps confirming the claim.

RalfBergs (talk) 22:18, 17 March 2014 (UTC)

SNI depends upon the SChannel system component shipped with Windows Vista
If SNI depends upon the SChannel system component shipped with Windows Vista then how does Chrome on XP support SNI?

The answer is SNI DOES NOT depend upon the SChannel system component shipped with Windows Vista. This is clearly a factual inaccuracy.

User-visible impact missing
The article doesn't seem to discuss how the use of SNI impacts users in various roles, if at all.

Are new headers needed to be specified in .htaccess files or PHP programming? Are new diectives needed in Apache configuration and in other server software? Is there any impact on WHM or CPanel commands or configuration? Is there any impact on manual (OpenSSL, WHM/CPanel) or automatic (certbot) certificate generation? David Spector (talk) 17:12, 26 October 2017 (UTC)

nginx
nginx is not only a web server, but also a mail forwarder, and it only supports SNI for HTTP, not SMTP/IMAP. I think this should be mentionned, but as it is listed as a "Web Server" it could be misleading, and didn't want to add it myself. — Preceding unsigned comment added by 2A01:E34:EC00:5560:E57D:4F15:646F:1A17 (talk) 16:13, 28 April 2019 (UTC)