What Does the TLS SNI Extension Do?
The Transport Layer Security (TLS) protocol is used to establish secure and encrypted connections between a client and a server over the internet. The Server Name Indication (SNI) extension is a part of the TLS protocol that allows a client to specify the hostname of the server it is trying to connect to during the SSL/TLS handshake.
A web server is frequently in charge of several hostnames, also known as domain names (the names of websites that are readable by humans). In the event that the websites adopt HTTPS, each hostname will have a unique SSL certificate.The issue is that one server’s hostnames are all assigned the same IP address. This is not an issue with HTTP, as the client will specify the website it is attempting to access in an HTTP request as soon as a TCP connection is established.However, HTTPS encrypts HTTP messages; it does not replace HTTP with another protocol. Instead, it requires a TLS handshake before the HTTP discussion can start. Therefore, without SNI, the client cannot tell the server whose hostname they are interacting with. Consequently, the server can generate the SSL certificate for an incorrect hostname. The client browser gives an error and typically closes the connection if the name on the SSL certificate does not match the name the client is attempting to access.In order for the TLS process to reach the correct domain name and obtain the correct SSL certificate, SNI adds the domain name to the TLS handshake process. This allows the remainder of the TLS handshake to proceed normally.
What is Server Name Indication (SNI)?
All that a server name is is the computer’s name. Unless the server hosts a single domain and the server name is the same as the domain name, this name is not displayed to end users for web servers. An addition to the Transport Layer Security computer networking protocol is called Server Name Indication, which enables the client to provide the hostname it is attempting to connect to at the outset of the handshaking procedure.