https - hopefully not too stupid a question

Chris Edwards chris-ukcrypto at
Sun Jun 17 17:27:05 BST 2012

On Sun, 17 Jun 2012, Peter Fairbrother wrote:

> Does SNI get used every time, or only on request, eg when a single IP address
> hosts many different domains?

SNI involves sending the URL hostname in the clear as part of the TLS 
client HELLO, which is the very first packet of every connection, after 
the 3-way TCP handshake.  At this stage, the client does not know whether 
server understands, or wishes to see the SNI.  So therefore it's always 
sent, regardless.  If the server isn't interested, it will simply ignore 

Older browsers don't do this.  But most things post Win XP do.

More information about the ukcrypto mailing list