SNI, or Server Name Indication, is an extension to the TLS protocol (TLS stands for Transport Layer Security). In short, Server Name Indication lets the client indicate the host with which it wants to terminate the encrypted session.
This allows a server to present multiple certificates on the same IP address and TCP port number, and hence lets multiple secure (HTTPS) websites be served from the same IP address without requiring all of those sites to use the same certificate.
How does it work?
While working with TLS, suppose you have a single IP address with a virtual server on which you want to host multiple secure sites. You now want to direct a client to one of those secure websites with only that single virtual server in play.
The question is how you are going to do that, and this is where SNI comes into the picture. Every site has its own digital certificate. Before any handshaking takes place, the client asks the server for a digital certificate. The server sends the certificate and the client matches the name on the certificate against the name of the site it wants to connect to. If the certificate matches, the client proceeds and allows the server to establish the connection. If there is a mismatch, the server automatically reports the discrepancy and the connection is aborted.
You can consider SNI a blessing in disguise, because before SNI was introduced every secure website required a unique IP address, which was highly costly and made the encryption process a tad tedious.
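To make the "client indicates the host" step concrete, here is an added example (not code from the original article) that builds a minimal TLS 1.2-style ClientHello carrying the SNI extension and then parses the server name back out of the raw bytes, the way a TLS terminator or a passive monitor on the server side would. The ClientHello bytes are constructed in the code itself, the all-zero client random is a placeholder, and the single cipher suite is a sample value; malformed input is rejected rather than guessed at, because the parsed name typically drives routing decisions.

```python
import struct

TLS_HANDSHAKE = 0x16          # record content type: handshake
TLS_VERSION_12 = 0x0303       # record / legacy version for TLS 1.2
HS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000      # SNI extension type (RFC 6066)
SAMPLE_CIPHER_SUITE = 0x1301  # TLS_AES_128_GCM_SHA256, used here only as a sample


def build_sni_extension(hostname: str) -> bytes:
    """Encode the server_name extension with one host_name entry (name_type 0)."""
    name = hostname.encode("idna")
    entry = struct.pack("!BH", 0, len(name)) + name
    server_name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", EXT_SERVER_NAME, len(server_name_list)) + server_name_list


def build_client_hello(hostname: str, client_random: bytes = bytes(32)) -> bytes:
    """Return a full TLS record (5-byte record header + handshake message).
    The all-zero client_random is a constructed placeholder; a real client
    uses 32 bytes from os.urandom()."""
    if len(client_random) != 32:
        raise ValueError("client_random must be 32 bytes")
    suites = struct.pack("!H", SAMPLE_CIPHER_SUITE)
    body = (
        struct.pack("!H", TLS_VERSION_12)
        + client_random
        + b"\x00"                                      # session_id length 0
        + struct.pack("!H", len(suites)) + suites      # cipher_suites
        + b"\x01\x00"                                  # one compression method: null
    )
    extensions = build_sni_extension(hostname)
    body += struct.pack("!H", len(extensions)) + extensions
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, TLS_VERSION_12, len(handshake)) + handshake


def parse_sni(record: bytes):
    """Return the host_name carried in a ClientHello record, or None when the
    client sent no SNI. Malformed input raises ValueError instead of being
    silently accepted."""
    try:
        return _parse_sni(record)
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


def _parse_sni(record: bytes):
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HANDSHAKE or len(record) < 5 + rlen:
        raise ValueError("not a complete handshake record")
    hs = record[5:5 + rlen]
    if hs[0] != HS_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                           # skip version and random
    pos += 1 + body[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                                   # compression_methods
    if pos == len(body):
        return None                                        # no extensions block at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end > len(body):
        raise ValueError("extensions overrun ClientHello body")
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if len(edata) != elen:
            raise ValueError("extension overruns extensions block")
        if etype != EXT_SERVER_NAME:
            continue
        list_end = 2 + struct.unpack("!H", edata[:2])[0]
        lp = 2
        while lp + 3 <= list_end:
            ntype, nlen = struct.unpack("!BH", edata[lp:lp + 3])
            lp += 3
            name = edata[lp:lp + nlen]
            lp += nlen
            if ntype == 0:                                 # 0 = host_name
                return name.decode("idna")
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print(len(hello), "bytes; SNI =", parse_sni(hello))
```

Note that the SNI name travels in the clear inside the ClientHello, before any encryption keys exist; that is exactly what lets the server (or a middlebox) choose a certificate, and it is also why the hostname is visible to anyone observing the connection.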
Disadvantage:
But there is a disadvantage too, as every good thing comes with a side effect. It consumes a lot more IPv4 addresses; an IPv4 address is a 32-bit numeric Internet Protocol address. Mathematically, 32 bits means that it can accommodate 2^n devices, with n = 32.
So, 2 raised to the power of 32 = 4,294,977,962, roughly 4.3 billion devices,
which is not sufficient considering the fact that there are trillions and zillions of connected devices used globally.
So, we are trying to overcome that issue by shifting toward a newer version of the IP address, IPv6, which is a 128-bit protocol and can therefore connect approximately trillions of devices.
What is SSL?
SSL stands for Secure Sockets Layer.
Just to be clear, SSL is the predecessor of TLS.
Here I will go through how it works, to better understand how SNI has shortened this whole tedious process for us and made web browsing a better place for the user.
It is used for secure communication between devices. Basically, when an encrypted message is sent from client to host, this protocol ensures its safe transfer and prevents any leakage of personal or sensitive data.
So, it has a number of applications in data transfer, web browsing, email, etc.
It works on three principles, which are:
- Integrity: data should arrive at the server in its original form.
- Authentication: the two entities communicating, for example server and client or server and server, should be authenticated. So, it normally prevents the transfer of data between parties that are not authenticated.
- Confidentiality: this covers the part where an intruder or third party is denied access to the data, meaning that only an authorized person can access the data being shared.
How does it work?
- The message to be sent from the client is first passed to SSL, which encrypts the data using various encryption algorithms so that the data is secured before transfer, reducing the chances of it being stolen in transit.
- The encrypted data is then tagged with an SSL header to form a packet of data.
- This packet of data is now sent to the host/server.
- Before the host reads the data, it gets decrypted so the message becomes readable.
For that to happen, the SSL header is first removed from the data, and then the data is decrypted.
After the data/message is fully decrypted it is passed up to the application layer of the receiver, where the host obtains the intact confidential message.
Protocols used by SSL
SSL uses four different protocols for the safe transfer of data, which are:
1. Handshake protocol
This protocol handles the establishment of the connection between host and client. It authenticates the entities for the secure transfer of the data.
The confidentiality and integrity of the data, however, are managed by another protocol called the SSL record protocol.
2. Change cipher spec protocol
It handles the encryption process of the data.
3. Alert protocol
It handles the alert messages sent during the transfer of data when an error occurs that indicates a possibly insecure connection.
4. HTTPS
It stands for Hypertext Transfer Protocol Secure, which is nothing but an extension of HTTP with an issued SSL certificate, ensuring secure transfer of data between devices by encrypting the data.
Importance of SNI in SSL technology
SNI has done nothing but prove itself beneficial in the long run.
- You can run multiple SSL certificates on a single IP address. You do not need to buy a different IP address for each site, which can be a little hard on the pocket.
- It does not tamper with security, as you still require an SSL certificate before the handshake protocol.
- It automatically aborts any insecure connection.
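The name-matching step described earlier (the client comparing the name on the certificate with the site it asked for) and the server-side job of picking one certificate among several hosted on one IP address rely on the same rule: exact match, or a wildcard accepted only as the whole leftmost label. The following is an added example, not code from the original article: the certificate catalog and file paths are constructed placeholders, the certificates themselves are hypothetical, and the `ssl.SSLContext.sni_callback` hook used for the wiring is Python's standard-library API.

```python
import ssl


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Compare a name from a certificate against a requested hostname.
    Rules: case-insensitive, label counts must agree, and '*' is accepted
    only as the entire leftmost label ('*.example.com'), so it never matches
    'example.com' itself, 'a.b.example.com', or a bare '*.com'."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels or len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if any("*" in label for label in p_labels):
        return False                       # partial wildcards like 'ex*.example.com' are rejected
    return p_labels == h_labels


def select_certificate(sni_host, catalog, default):
    """catalog maps a certificate label to the names on that certificate.
    Exact names beat wildcard names regardless of catalog order; a missing SNI
    (very old clients, or a connection made to a bare IP) gets the default."""
    if not sni_host:
        return default
    for wildcard_pass in (False, True):
        for label, names in catalog.items():
            for name in names:
                if name.startswith("*.") == wildcard_pass and hostname_matches(name, sni_host):
                    return label
    return default


# Constructed sample catalog: the names each hypothetical certificate carries.
SAMPLE_CATALOG = {
    "wildcard-cert": ["*.example.com"],
    "shop-cert": ["shop.example.com", "shop.example.net"],
}


def make_sni_callback(contexts, catalog, default_ctx):
    """Return a function suitable for ssl.SSLContext.sni_callback.
    contexts: label -> ssl.SSLContext already loaded with that certificate;
    catalog: label -> names on the certificate (shape of SAMPLE_CATALOG)."""
    def sni_callback(ssl_socket, server_name, _initial_ctx):
        label = select_certificate(server_name, catalog, None)
        ssl_socket.context = contexts[label] if label else default_ctx
        return None      # None tells the ssl module to continue the handshake
    return sni_callback


def build_listening_context(cert_paths, catalog, default_label):
    """Hypothetical wiring: cert_paths maps label -> PEM file with key+chain.
    Not executed below because the files are placeholders."""
    contexts = {}
    for label, path in cert_paths.items():
        ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        ctx.load_cert_chain(path)
        contexts[label] = ctx
    listen_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    listen_ctx.sni_callback = make_sni_callback(contexts, catalog, contexts[default_label])
    return listen_ctx


if __name__ == "__main__":
    for host in ("shop.example.com", "blog.example.com", "example.com", None):
        print(host, "->", select_certificate(host, SAMPLE_CATALOG, "default-cert"))
```

Two design choices matter here: the wildcard rule is deliberately strict so that a certificate for `*.example.com` is never handed out for `example.com` or for deeper subdomains, and an absent SNI falls back to an explicit default certificate rather than to whichever entry happens to come first.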
So, this article concludes that SNI has provided a user-friendly option which does not require a unique IP address each time you need to transfer data to a different site. It has proven itself to be cost effective as well as time saving.