About
- VAS Experts
  
  Software developer for Internet Service Providers and Telecom Industry
- Events
  
  Join us at events or sign up for a webinar
- Customer Reviews
  
  Find out what customers say about VAS Experts' solutions
- Contacts
  
  Feel free to contact us with any question or suggestion
Products
- For telecom operators
- Stingray Service Gateway
  
  Multifunctional Platform for flexible solution of operator tasks
- BRAS/BNG
  
  Scalable and Cost-Effective Software Gateway
- CG-NAT
  
  Providing transparent network address and protocol translation
- QoE Analytics
  
  Traffic Monitoring and Analysis System
- For mobile carriers
- LBS
  
  Module for detection of subscriber's location
- EPDG
  
  Solution for launching Wi-Fi Calling (VoWiFi)
- PCEF
  
  Execution of quality of service (QoS) policies and flexible billing based on different conditions
Solutions
- FOR SERVICE PROVIDERS
- Software-based BNG/BRAS
  
  Border Network Gateway with full statisctics and analysis
- CG-NAT & IPv6 Migration
  
  Smooth transition of the entire infrastructure to IPv6
- Prioritize essential applications and offer the best quality of service
  
  Prioritize critical applications and provide the best Quality of Service
- Network Visibility
  
  The key to a profitable and successful business
- Regulatory Compliance
  
  Automate compliance with legal requirements
- WiFi HotSpot Management
  
  Control the data of users who access the Internet via Hotspot
- Value Added Services
  
  Additional options to increase operator's income
- vStack-R
  
  Recommended server platform for SSG integration
- FOR ENTERPRISE AND DATACENTERS
- DLP system
  
  Prevent confidential information leakage
- Detecting Threats
  
  Detect network attacks that worsen services quality
- MiniDPI
  
  Mini-platform for processing and analyzing traffic up to 2 Gbps
Partners
- Our partners
  
  Find a System Integrator in your region
- Become a Partner
  
  Become our partner to build and develop reliable networks for your customers
- Partner Program
  
  Learn more about our affiliate Partner Program
Resources
- Documentation
  
  VAS Experts knowledge base
- Brochures
  
  Download documents and presentations about the company and its products
- Success Stories
  
  Our customers' cases with a description of tasks, solutions and technologies used
- Glossary
  
  Key industry concepts and terms
- Videos
  
  Presentations and video instructions for solutions
- Use Cases
  
  The library of product capabilities
- FAQ
  
  Find out answers to your questions about BRAS/BNG, CG-NAT, QoS, and QoE solutions
Blog

SNI

June 8, 2021

Server Name Indication is an extension to the TLS encryption protocol. SNI enables a client device to indicate the domain name it attempts to connect at the first stage of the TLS handshake which comprises establishing a secure HTTPS connection including TLS certificate authentication and encryption key generation. This helps to prevent name mismatch errors.

Problem

Sometimes several websites are located on one server, have the same IP address, but each of them has its own SSL certificate. In such cases, a server may not know which of the certificates it should use when a client device tries to connect to a website. The reason is that SSL/TLS handshake takes place before a client device sends a message via HTTP saying to which website it attempts to connect. This can result in a so-called “common name mismatch error”. It means that a client connects to the right IP address, but the common name in the SSL certificate doesn’t match the domain name.

Solution

SNI participates in TLS/SSL handshake and helps clients to see the right SSL certificate for the source they try to connect. SNI adds the domain name during the TLS handshake so that the TLS process reaches the right domain name and gets the correct SSL certificate, enabling the rest of the TLS handshake to proceed as usual. In particular, SNI introduces the hostname to the Client Hello message which is the first step of TLS handshake. Thus, SNI enables clients to open a secure connection with a website even if many other resources have the same IP address.

SNI was added as an extension to TLS/SSL in 2003, and initially, it wasn’t a part of the protocol. Almost all browsers, operation systems, and web servers support SNI. If you use a very old browser version or a mobile operating system like BlackBerry, more likely you wouldn’t be able to visit certain websites and your browser will send an error message “Your connection is not private”.

Vote:

5 out of 5

Average rating : 5

Rated by: 1

We use cookies to optimize site functionality and give you the best possible experience. To learn more about the cookies we use, please visit our Cookies Policy. By clicking ‘Okay’, you agree to our use of cookies. Learn more.