en

Select the Gcore Platform

Recommended
Gcore Edge Solutions Go to Gcore Platform →

Products:

  • Edge Delivery (CDN)
  • DNS with failover
  • Virtual Machines
  • Bare Metal
  • Cloud Load Balancers
  • Managed Kubernetes
  • AI Infrastructure
  • Edge Security (DDOS+WAF)
  • FaaS
  • Streaming
  • Object Storage
  • ImageStack (Optimize and Resize)
  • Edge Compute (Coming soon)
Show full list
Gcore Hosting Go to Gcore Hosting →
--> News
--> Blog
Learning
Press
Case Studies
Downloads
  1. Home
  2. Blog
  3. nonSNI: A Special Feature Not Everyone Has

nonSNI: A Special Feature Not Everyone Has

Published May 14, 2018 in CDN, Product Features

In this article

nonSNI: A Special Feature Not Everyone Has

In modern systems many services are frequently hosted on the same IP address. And each service must have its own security certificate. To differentiate certificates on one IP, SNI standard was invented (in addition to SSL).

What is SNI?

SNI (Server Name Identification) is an extension of the TLS protocol indicating which site a visitor tries to reach at establishing a connection.

Even prior to SSL handshake, SNI allows to specify the needed certificate. But in order to get everything working, the web browser a client is using must support SNI.

However, SNI technology is not supported by all browsers. And in such case an alert message will pop up indicating that the SSL certificate is invalid.

How to deal with systems not supporting SNI?

Old versions of server software and browsers do not support SNI (for example, Internet Explorer 6 and 7 for Windows XP or Android 2.0).

Some software is using old frameworks, and the customers don’t want to abandon it. They are definitely not going to update it, but the availability of services is critical.

In such case for those customers who are using older versions of browsers and frameworks it is possible to allocate a specific address and, provided there is no SNI, issue only a certificate that this customer’s software is expecting. But it is expensive and inconvenient to administer.

What have we offered?

If SNI is not requested, we issue *.gcdn.co as a default certificate. There remains just one requirement: client’s CNAME must be on *.gcdn.co domain. Then SNI will not be requested and it will be given a default certificate.

We call this feature nonSNI. And for some of our customers this nonSNI availability in CDN is an important advantage.

Browsers supporting SNI:

  • Internet Explorer 7 or later
  • Microsoft Edge
  • Mozilla Firefox 2.0 or later
  • Google Chrome 6 or later
  • Opera 8 or later with TLS 1.1 support enabled
  • Yandex Browser
  • Safari 2.1 or later

Mobile platforms supporting SNI:

  • iOS 4.0
  • Android 3.0 (Honeycomb)
  • Windows Phone 7

Related product

Try Gcore CDN
  • 150+ points of presence
  • Low latency worldwide
  • Dynamic content acceleration
  • Smart asset optimization
  • Top-notch availability
  • Outstanding connectivity
Try for free About

Related articles

Subscribe and discover the newest
updates, news, and features

We value your inbox and are committed to preventing spam