Enable SNI

Rule from ssl under security category

What is a trooper!

we have submitted your edit to the community for review! We'll review and make it live on the site in the next few hours, the internet thanks you :).

Browse another section of the knowledge base



Suggest an edit

Cancel

This rule has no content... yet.

Add content to this rule

Or just browse to view rules that have content



 

Server Name Indication (SNI) provides a way for servers to host multiple SSL domains, where in the past only one domain per IP could be configured.

Clients have been defaulting to expecting SNI to be enabled on a server, so to avoid any unexpected behaviour servers should look into enabling SNI. Gaining the extra option of hosting more domains on the same IP, which is a BIG plus.

Olders clients such as Windows XP using MSIE do not support SNI, and enabling could cause issues for clients using those systems. It is thus advised to make a informed decision on this for your specific use case.

How do I fix this?

Most newer web servers like NGINX / Apache would have SNI enabled by default. Find and disable the command currently disabling the setting.

Apache will make use of SNI when virtual hosts are configured by default as well.

Resources

Browse another section of the knowledge base



Signup icon
Ready to see how well your site scores?

Passmarked works best when you have an account. It allows you to keep a dashboard with saved data of the sites you have run through the system, we’ll alert you about important updates and you get access to the Passmarked Slack forum.

Sign up to get started