[cryptography] [Cryptography] TLS2

Tom Ritter tom at ritter.vg
Mon Sep 30 07:59:29 EDT 2013


On 30 September 2013 07:07, Ralph Holz <holz at net.in.tum.de> wrote:
> Hi Ben,
>
>> Boy, are you out of
>> date: http://en.wikipedia.org/wiki/Server_Name_Indication.
>
> I am not so sure many servers support it, though. My latest data,
> unfortunately, is not evaluated yet. But in 2011 the difference between
> switching on SNI and connecting without it, was pretty meagre across the
> Alexa range. Granted, many of those hosts may not be VHosts.
>
> Does Google have better data on that?

I think you're testing that wrong. The major websites run one website
at multiple IPs - not multiple websites at a single IP.  So connecting
with/without SNI will usually get you the same result.

You want to test the Alexis 2,000,000 - 3,000,000 sites and see if you
get a different result - hit shared hosting sites, where multiple
sites run on a single IP.

As far as software support, there are a few clients where support
isn't there (most notable Java 1.7 and anything on Windows XP), but
server support is there.[0]

-tom

[0] https://en.wikipedia.org/wiki/Server_Name_Indication


More information about the cryptography mailing list