Now, when creating a new CDN resource, the feature is automatically enabled to ensure the use of SNI when accessing the origin. In this article, we’ll tell you what SNI is, what it is used for, and how to change the SNI hostname.
SNI (Server Name Indication) is an extension to the TLS protocol that allows clients to provide a hostname when they contact a server.
When a client establishes a connection to a server, it connects to a specific IP address. However, several different, unrelated websites are often located on the same server. This can happen, for example, if the website is located on a virtual server.
As a result, several different websites have the same IP address. How to understand which one the client needs?
With HTTP, it’s easy. The domain name of the website is usually specified in the first HTTP request. The server easily determines which website the client needs, and connects them.
HTTPS, however, poses a problem. In this case, the client and the server establish a secure connection using TLS before transmitting data over HTTP. But without SNI, the TLS handshake doesn’t allow the client to indicate which domain it needs.
The problem is that different domains located on the same server may have different SSL certificates. When a secure connection is established, the server must pass the certificate data to the client. And if the server cannot determine which domain certificate is needed, it may transfer the wrong one. In this case, the user’s browser will return an error, and the connection will be terminated.
SNI allows you to tell the server which domain the client is accessing, during the handshake. In this case, the server will be able to transmit the correct SSL certificate, and the connection will be successfully established.
The client sends a request.
The SNI hostname is the name that the client sends during the handshake and that the server uses to determine which domain the request is addressed to.
Our global CDN serves a huge number of different websites and web applications. Every day, a lot of requests go through CDN servers to different domains. For everything to work smoothly and for users to be able to receive content quickly and safely, SNI must be used.
Therefore, the SNI option is automatically enabled when a new resource is created.
A dynamic SNI hostname is set by default. It will always match the Host header. This means that if you change the Host header, the SNI hostname will change automatically.
However, if for some reason you need the SNI host name not to match the Host header, you can change it to a custom one.
Deliver content quickly, securely, and error-free with the G-Core Labs CDN.