Lightboard Lessons: TLS Server Name Indication

Server Name Indication (SNI) is an extension to the TLS protocol that allows the client to include the requested hostname in the first message of the SSL handshake (Client Hello).  Prior to the intro...
Published Dec 21, 2016
Version 1.0
BIG-IP
lbl
security
sni
ssl
tls
ltwagnon's avatar
ltwagnon
Ret. Employee
Dec 27, 2016

@Fulmetal...great question! I'm only speculating here on the motivation behind HTTP/2 requiring SNI when using TLS, but it does make sense that the new/improved HTTP/2 protocol makes it necessary to ensure the client will receive the correct certificate when establishing the TLS handshake (by the way, TLS is not actually mandatory when using HTTP/2 per the RFC, but all the major browsers won't use HTTP/2 without encryption). With the improvements in the more modern protocol(s), you would expect that some of these types of features (TLS SNI being one of them) would become more and more mandatory as technology advances. What was once a "nice to have" security feature has now become an expected part of doing business in today's more advanced, feature-rich Internet. I wouldn't doubt if this trend continues with other features (security and otherwise) as well. Hope this helps!