Attention
You have Cookie disabled in your browser. Displaying the site will be incorrect!
en ru de
Back to blog

How we use SNI in the CDN

Now, when creating a new CDN resource, the feature is automatically enabled to ensure the use of SNI when accessing the origin. In this article, we’ll tell you what SNI is, what is its use and how to change the name of an SNI host.

What is SNI?

SNI (Server Name Indication) is an extension to the TLS protocol that allows clients to provide a hostname when they contact a server.

Why is SNI needed?

When a client establishes a connection to a server, it refers to a specific IP address. However, it often happens that several different, unrelated websites may be located on the same server. This can happen, for example, if the website is located on a virtual server.

As a result, several different websites have the same IP address. How to understand which one the client needs?

With HTTP, it’s easy. The domain name of the website is usually specified in the first HTTP request. The server easily determines which website the client needs, and connects them.

HTTPS, however, poses a problem. In this case, the client and the server establish a secure connection using TLS before transmitting data over HTTP. But the TLS handshake doesn’t allow the client to indicate which domain it needs.

The problem is that different domains located on the same server may have different SSL certificates. When a secure connection is established, the server must pass the certificate data to the client. And if the server cannot determine which domain certificate is needed, it may transfer the wrong one. In this case, the user’s browser will return an error, and the connection will be terminated.

SNI allows you to tell the server which domain the client is accessing, during the handshake. In this case, the server will be able to transmit the correct SSL certificate, and the connection will be successfully established.

How does it work?

The client sends a request.

  1. The request is directed to the origin server via the CDN.
  2. A secure connection with the server is established using TLS.
  3. When the connection is established, the very first message—client hello—contains the name of the SNI host.
  4. Using this name, the server determines which domain the client is accessing, and transmits the required SSL certificate.
  5. A secure connection is established and HTTP transmission begins.

How we use SNI in the CDN

The SNI hostname is a symbolic designation by which the client communicates and the server determines to which domain the request is addressed.

How do we use SNI in G-Core Labs CDN?

Our global CDN serves a huge number of different websites and web applications. Every day, a lot of requests go through CDN servers to different domains. For everything to work smoothly and for the users of to be able receive content quickly and safely, SNI must be used.

Therefore, the SNI option is automatically enabled when a new resource is created.

A dynamic SNI hostname is set by default. It will always match the Host header. It means that, if you change the Host header, the SNI hostname will change automatically.

However, if for some reason you need the SNI host name not to match the Host header, you can change it to a custom one.

How do I change the SNI host name?

  1. In your personal account, select a resource in the “CDN resources” section.
  2. In the “Settings” tab, click “Show advanced settings”. How we use SNI in the CDN
  3. The option is located in the “Security” section. How we use SNI in the CDN
  4. Select a custom SNI hostname and enter the desired name in the field below.
  5. Click “Save changes”. How we use SNI in the CDN

Deliver content quickly, securely, and error-free with the G-Core Labs CDN.

Subscribe to a useful newsletter

Favorable offers and important news once a month. No spam