

Before you can understand why SNI was developed, you first need to understand how TLS works. TLS, the successor of the Secure Sockets Layer (SSL), is part of the TCP/IP protocol stack; as such, it extends the Transmission Control Protocol (TCP) with encryption. TLS uses a so-called TLS handshake. This is where the client and the server - in practice, this usually means the web browser and the website - exchange information before beginning the actual data transfer. With this virtual handshake, the server identifies itself to the client and sends the corresponding security certificate. Once the client has verified this, both communication partners establish the connection and exchange data. If the verification comes back negative, then no further data transfer takes place.

But what happens when multiple websites run on a single IP address, as with virtual hosting? Since IPv6 has not yet fully established itself, we have to work with a very limited IP address range, and not every domain can claim its own IP address. Over an unsecured connection, multiple websites running on one IP address usually cause no problem: HTTP specifies that the host name is given in a header when a website is requested. With TLS, though, the handshake must have taken place before the web browser can send any information at all.

So to whom does the client address its "Hello" (the first step of a TLS handshake)? There's a high probability that the wrong website responds, a certificate for the wrong host name is sent, and the connection is not established. This is why it's necessary for the client to share with the server the domain (host) with which it would like to establish a connection. For this purpose, the server name indication was introduced. Server name indication makes sure that the host name is already transmitted between the client and server before the certificate exchange.
