SNI SSL

ssl

Tue Sep 22 12:07:28 -0700 2009

SNI (Server Name Indication) is a TLS extension that allows you to combine name-based VirtualHosts and SSL. Without it you need one IP address per SSL certificate, which sucks in general, and is massively restrictive in a cloud computing environment.

SNI works with the latest version of all major browsers (Firefox, Opera, Safari, and Internet Explorer). The only catch is that it will present a certificate warning on IE6 or before, or any version of IE running on Windows XP, because those clients do not send the hostname and therefore get the server's default certificate. (Firefox on XP does work, though.) Currently, IE-on-XP accounts for about half the general browsing population, though probably less among a technical crowd.

To use SNI with the latest version of Nginx, all you need to do is specify a cert for your virtual host. That’s it. Apache can also do SNI, via the mod_gnutls module.

SNI is not yet in widespread use, despite its massive usefulness, due to the Windows XP problem. But I predict that within two years, this will be a non-issue. It reminds me a bit of the debate over CSS five or six years ago. Many people predicted that CSS would never become mainstream, because there were entrenched browser versions (Netscape 3 and 4, IE 3 and 4) that didn’t support it, and non-technical users had no motivation to upgrade.

Here we are in 2009 and this debate is long forgotten. All websites are built using CSS now; we can hardly imagine a web without it. SNI is not as important as CSS, but in a few years' time its adoption will be the same: ubiquitous.