2017年12月2日 星期六

SAN v.s. SNI

Subject Alternative Name (SAN): Binding multiple host names with a single certificate. 缺點是每增加一個host name, 憑證需要重新issue.

Server Name Indication (SNI): Allow a server to present multiple certificates for a single network IP address and port.  SNI having the client send the name of the virtual domain as part of the TLS negotiation. This enables the server to select the correct virtual domain early and present the browser with the certificate containing the correct name.

Reference:
https://en.wikipedia.org/wiki/Server_Name_Indication

沒有留言:

張貼留言