How we use SNI in the CDN

  • March 24, 2021

Now, when you create a new CDN resource, a feature is automatically enabled that ensures SNI is used when accessing the origin. In this article, we’ll explain what SNI is, what it is used for, and how to change the SNI hostname.

What is SNI?

SNI (Server Name Indication) is an extension to the TLS protocol that allows clients to provide a hostname when they contact a server.

Why is SNI needed?

When a client establishes a connection to a server, it connects to a specific IP address. However, several different, unrelated websites are often located on the same server. This can happen, for example, if the website is located on a virtual server.

As a result, several different websites have the same IP address. How does the server know which one the client needs?

With HTTP, it’s easy. The domain name of the website is usually specified in the first HTTP request. The server easily determines which website the client needs, and connects them.

HTTPS, however, poses a problem. In this case, the client and the server establish a secure connection using TLS before transmitting data over HTTP. But without SNI, the TLS handshake doesn’t allow the client to indicate which domain it needs.

The problem is that different domains located on the same server may have different SSL certificates. When a secure connection is established, the server must pass the certificate data to the client. And if the server cannot determine which domain certificate is needed, it may transfer the wrong one. In this case, the user’s browser will return an error, and the connection will be terminated.

SNI lets the client tell the server, during the handshake, which domain it is accessing. The server can then transmit the correct SSL certificate, and the connection is successfully established.

How does it work?

The client sends a request.

  1. The request is directed to the origin server via the CDN.
  2. A secure connection with the server is established using TLS.
  3. When the connection is established, the very first message—client hello—contains the name of the SNI host.
  4. Using this name, the server determines which domain the client is accessing, and transmits the required SSL certificate.
  5. A secure connection is established and HTTP transmission begins.

The SNI hostname is the name that the client sends and that the server uses to determine which domain the request is addressed to.

How do we use SNI in Gcore CDN?

Our global CDN serves a huge number of different websites and web applications. Every day, a lot of requests go through CDN servers to different domains. For everything to work smoothly and for users to be able to receive content quickly and safely, SNI must be used.

Therefore, the SNI option is automatically enabled when a new resource is created.

A dynamic SNI hostname is set by default. It will always match the Host header. It means that, if you change the Host header, the SNI hostname will change automatically.

However, if for some reason you need the SNI hostname not to match the Host header, you can change it to a custom one.

How do I change the SNI host name?

  1. In your personal account, select a resource in the “CDN resources” section.
  2. In the “Settings” tab, click “Show advanced settings”.
  3. The option is located in the “Security” section.
  4. Select a custom SNI hostname and enter the desired name in the field below.
  5. Click “Save changes”.
