2011/09/05

Multiple SSL websites on a single IP address

Apache 2.2.12 or higher supports Server Name Indication (SNI) in Transport Layer Security (TLS). That is to say, multiple SSL websites can be hosted on a single IP address. This is a great help. In fact, SNI in TLS has been an IETF standard (RFC 3546) dating back to the end of 2003.

There is now a tool to test if browsers can support SNI in the TLS handshake:

https://sni.velox.ch/

During the test, I noticed IE8 prompted an error message of invalid certificate. I just pressed the continue browsing button and I saw more details about the IE failure.

What I observed is that the current versions of Firefox, Chrome and Safari are capable of SNI while IE still lacks this function. On the server side, I track that Microsoft IIS 7.5 is not able to do this SNI thing, but Microsoft has committed to make it in the next version. For browsers in smartphones, I cannot test one by one since there are so many different packages.

This is just a bit of development. There is a long way to go before a single IP address can support multiple SSL websites on all different platforms while some browsers might still fall behind.
