Introducing Image Stack
Get started for free Sign in

Select the Gcore Platform

Recommended
Gcore Edge Solutions
Go to Gcore Platform →
Products:
  • Edge Delivery (CDN)
  • DNS with failover
  • Virtual Machines
  • Bare Metal
  • Cloud Load Balancers
  • Managed Kubernetes
  • AI Infrastructure
  • Edge Security (DDOS+WAF)
  • FaaS
  • Streaming
  • Object Storage
  • ImageStack (Optimize and Resize)
  • Edge Compute (Coming soon)
Gcore Hosting
Go to Gcore Hosting →
Products:
  • VPS Hosting
  • Dedicated Servers
  • SSL Certificates

nonSNI: A Special Feature Not Everyone Has

Published May 14, 2018



In modern systems many services are frequently hosted on the same IP address. And each service must have its own security certificate. To differentiate certificates on one IP, SNI standard was invented (in addition to SSL).

What is SNI?

SNI (Server Name Identification) is an extension of the TLS protocol indicating which site a visitor tries to reach at establishing a connection.

Even prior to SSL handshake, SNI allows to specify the needed certificate. But in order to get everything working, the web browser a client is using must support SNI.

However, SNI technology is not supported by all browsers. And in such case an alert message will pop up indicating that the SSL certificate is invalid.

How to deal with systems not supporting SNI?

Old versions of server software and browsers do not support SNI (for example, Internet Explorer 6 and 7 for Windows XP or Android 2.0).

Some software is using old frameworks, and the customers don’t want to abandon it. They are definitely not going to update it, but the availability of services is critical.

In such case for those customers who are using older versions of browsers and frameworks it is possible to allocate a specific address and, provided there is no SNI, issue only a certificate that this customer’s software is expecting. But it is expensive and inconvenient to administer.

What have we offered?

If SNI is not requested, we issue *.gcdn.co as a default certificate. There remains just one requirement: client’s CNAME must be on *.gcdn.co domain. Then SNI will not be requested and it will be given a default certificate.

We call this feature nonSNI. And for some of our customers this nonSNI availability in CDN is an important advantage.

Browsers supporting SNI:

  • Internet Explorer 7 or later
  • Microsoft Edge
  • Mozilla Firefox 2.0 or later
  • Google Chrome 6 or later
  • Opera 8 or later with TLS 1.1 support enabled
  • Yandex Browser
  • Safari 2.1 or later

Mobile platforms supporting SNI:

  • iOS 4.0
  • Android 3.0 (Honeycomb)
  • Windows Phone 7

Share this article

Related articles

Uncategorized
Privately Access Instagram and Telegram with a Gcore OpenVPN Instance
In our interconnected, digital world, privacy is paramount. To maintain your data privacy when using Instagram, Telegram, and other services,...
May 15, 2023 3 min read
Uncategorized
Install and Play Quake III Arena in Docker Using Gcore Basic
In this tutorial, we’ll explore how to install Quake III Arena, a popular first-person shooter, in Docker, and then play...
May 9, 2023 3 min read
Uncategorized
Install nginx on Kubernetes Using Gcore Managed Kubernetes and Helm
In this tutorial, we’ll explore how to install nginx in a Kubernetes cluster using the Gcore Managed Kubernetes service and...
May 4, 2023 4 min read

Subscribe to a useful newsletter

Favorable offers and important news once a month. No spam.