Server Name Indication
Server Name Indication is a feature that extends the SSL and TLS protocols. To properly secure the communication between a client and a server, the client requests a digital certificate from the server; once the server sends the certificate, the client examines it, uses it to encrypt the communication, and proceeds with the normal request-response conversation. However, in a virtual hosting scenario, several domains -- each with its own potentially distinct certificate -- are hosted on one server. In this case, the server has no way of knowing beforehand which certificate to send to the client. SNI allows the client to indicate the desired domain earlier in the protocol, allowing the server to select the proper certificate.
TLS background
One of the most common methods of encrypting a stream-oriented communication session is the Transport Layer Security (TLS) protocol. It is used, for example, when a user types "https" in a browser's URL field.
In order to confirm that the site to which the user wants to connect is actually the site to which the browser connected, TLS uses a digitally-signed certificate that includes the domain name of the site. Client-side software (browsers) generally accepts the certificate as "trusted" because it is signed by a certification authority listed in its internal "root list."
In the TLS startup phase, the client software compares the user-entered domain part of the URI with the domain name found in the server's certificate (CN or subjectAltName). Should the comparison fail, the browser will warn the user that there is something wrong with the certificate of the site.
The problem SNI tried to fix
The design of SSL v2 follows classical public key infrastructure (PKI) expectations of one server, one service, and therefore, one certificate. This meant that the server could select and send the certificate in the early stages of the startup because it knew what domain it was serving.
With virtual hosting, a common feature of HTTP servers, each server provides many domains through the same IP address. The server examines each request to determine which domain is being served. This information is found, for example, in the HTTP request headers. Unfortunately, when setting up TLS encryption, the server must select and send the certificate based on the destination IP address before it reads the domain name in the HTTP request.
Therefore, the simple approach to secure virtual hosting results in the wrong certificate (a default) being used, which causes the browser to warn the user.
Connection with communication interception
In practice, this means that each HTTP server can only serve one domain per IP address and port for secured browsing. As the de facto server situation is for many domains to be served by each web server, the result is that the remaining web servers are effectively prevented from using secure communications, leaving much of the web unsecured. Lack of a valid certificate means that the browser is unable to authenticate the server, meaning it is unable to verify that it is really talking to the site that it requested. This is an important factor in man-in-the-middle attacks, which seek to intercept the communication by posing as the server to the client, and as a client to the real server. With an SSL or TLS secured connection, your browser can attempt to authenticate the security of connection based on the target site's certificate. If a man in the middle is present, the certificate fails to validate, and your browser can alert you to the security risk. Without a signed certificate matching the site's host name, there is no standard way of making sure that you are communicating directly with the server you requested, rather than with a "man in the middle".
How SNI fixes the problem
An extension to TLS called Server Name Indication (SNI) addresses this issue by sending the name of the virtual domain as part of the TLS negotiation. This enables the server to "switch" to the correct virtual domain early and present the browser with the certificate containing the correct CN.
Alternatively, the X.509 v3 specification introduced the so-called subjectAltName field which allows one certificate to be used for more than one domain (including wildcard domains). Therefore a single certificate can be served for all virtual domains hosted on a single server. An advantage of the subjectAltName is that, unlike SNI, it's already supported by a wide range of software. The downside of this approach is the server operator must find a certification authority who is prepared to issue them a certificate that covers all domains on the server (which may be difficult, especially if the domains have different owners) and that certificate must be reissued whenever a new domain is added.
Action
In 2005, it was realized that there was no easy upgrade path from SSL v2 to TLS, and the web sites had to upgrade their software. To push them along, Mozilla signaled the complete dropping of support for SSL v2, which resulted in a drop of SSL v2–enabled web sites from around 10,000 to 2000. Microsoft also announced the dropping of SSL v2 support with the release of Internet Explorer 7.
Since 2005, CAcert has run experiments on different methods of using TLS on virtual servers. Most of the experiments are unsatisfactory and impractical. For example, it is possible to use subjectAltName to contain multiple domains controlled by one person in a single certificate. Such "unified communications certificates" are reissued every time the list of domains changes.
In 2004, a patch for TLS/SNI into OpenSSL was created by the EdelKey project. In 2006, this patch was then ported to the development branch of OpenSSL, and in 2007 it was back-ported to OpenSSL 0.9.8.
Support
Browsers with support for TLS server name indication:
- Internet Explorer 7 or later, on Windows Vista or higher. Does not work on Windows XP, even Internet Explorer 8.
- Mozilla Firefox 2.0 or later
- Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
- Opera Mobile at least version 10.1 beta on Android
- Google Chrome (Vista or higher. XP on Chrome 6 or newer. OS X 10.5.7 or higher on Chrome 5.0.342.1 or newer)
- Safari 2.1 or later (Mac OS X 10.5.6 or higher and Windows Vista or higher)
- Konqueror/KDE 4.7 or later
- MobileSafari in Apple iOS 4.0 or later
- Android default browser on Honeycomb or newer
- Windows Phone 7
- MicroB on Maemo
Servers:
- Apache 2.2.12 or later using mod_ssl (or alternatively with experimental mod_gnutls)
- Cherokee if compiled with TLS support
- Versions of lighttpd 1.4.x and 1.5.x with patch, or 1.4.24+ without patch
- Nginx with an accompanying OpenSSL built with SNI support
- LiteSpeed 4.1 or later
- Pound 2.6 or later
- Apache Tomcat on Java 7 or later
- Microsoft Internet Information Server IIS 8
Libraries:
- Mozilla NSS 3.11.1 client-side only
- OpenSSL
  - 0.9.8f (released 11 Oct 2007) - not compiled in by default, can be compiled in with config option '--enable-tlsext'.
  - 0.9.8j (released 07 Jan 2009) through 1.0.0 (released 29 March 2010) - compiled in by default
- GNU TLS
- libcurl / cURL since 7.18.1 (released 30 Mar 2008) when compiled against an SSL/TLS toolkit with SNI support
- Python 3.2 (ssl, urllib[2] and httplib modules)
- Qt 4.8 (not yet released)
- Oracle Java 7 JSSE
No support
The following combinations do not support SNI:
Client side:
- Internet Explorer (any version) on Windows XP
- Safari on Windows XP
- wget has a patch available.
- BlackBerry Browser
- Windows Mobile up to 6.5
- Android default browser on Android 2.x (Targeted for Ice Cream Sandwich)
Server side:
- IBM HTTP Server
Libraries:
- Qt client side up to 4.7
- Mozilla NSS server side
- Python 2.x (ssl, urllib[2] and httplib modules)
External links
- RFC6066 (obsoletes RFC4366 (which obsoleted RFC3546))
- https://alice.sni.velox.ch/ Test client-side TLS SNI capability