Apache 2.2.12 or higher version can support Server Name Identification (SNI) in Transport Layer Security (TLS). That is to say, multiple SSL websites can be hosted on a single IP address. This is a great help. In fact, SNI in TLS has become an IETF standard (RFC 3546) dated back to end 2003.
There is now a tool to test if browsers can support SNI in the TLS handshake:
https://sni.velox.ch/
During the test, I noticed IE8 prompted an error message of invalid certificate, I just pressed the continue browsing button and I saw more details about IE failure.
What I observed is that the current version of Firefox, Chrome and Safari are capable of SNI while IE still lacks this function. On server side, I track that Microsoft IIS 7.5 is not able to do this SNI thing, but Microsoft has committed to make it in the next version. For browsers in smartphones, I can not test one by one since there are so many different packages.
This is just a bit of development. There is a long way to go before a single IP address can support multiple SSL websites on all different platforms while some browsers might still fall behind.
No comments:
Post a Comment