Apache SNI is not needed, what is the issue?

I read this article and still don't understand the issue.

If I understand correctly, the client negotiates after the first SSL connection and then gets the correct hostname and thus the correct certificate.

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To their credit, I know I'm not using SNI because I get this message in the Apache log :)

[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!

But once again, I don't get the issue. SSL works fine with my name-based vhosts and allows me to use a shared certificate by default, and if I want a "real certificate" I just buy another IP from my provider, assign it to the right domain, buy the new certificate and set it up.

To put it in perspective, I've used this for years on my own manual websites, using name-based vhosts and a shared SSL certificate AND sites with separate IPs that have their own, without issue. SNI sounds like it is not as widely supported by clients as normal SSL connections.

I guess the only real benefit of SNI is the ability to serve multiple unique certificates without a separate IP being required, but I don't see this being an issue for most people unless they're on a real budget.

I do agree that at some point in the future it may be a problem, but by then IPv6 should be widely adopted and IPs will once again not be an issue.

