Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook

SNI SSL vs IP SSL: A Breakdown of Difference & Similarities Between the Two

SNI Allows AN SSL/TLS Certificate to Bind a Website With a Shared IP Address

It’s quite unusual and rare that you might come across terms such as SNI SSL and IP SSL or any website that informs regarding the differences among SNI SSL vs IP SSL. These terms were quite popular in the early days when SSL/TLS certificates were quite new.

A Quick Look at SNI SSL vs IP SSL

Earlier in the days, when SSL was new, there was only one type of SSL certificate, and that was OV (organization validated). In those days, when SSL was all new, the rule was that websites that deal with sensitive information of the users were only required to have an SSL certificate installed. And, most of those were a legit business, so an issuance of OV SSL was not a big deal. Also, it was only limited to the USA. Furthermore, Thawte becomes the first Certificate Authority (CA) that started issuing an SSL certificate globally to the international domains.

And besides that, there was another main reason why only the OV SSL certificate was being issued and not any other – IP Address. Yes, only the OV SSL certificate was the one who was capable of securing IP addresses. Nowadays, it’s not a big deal, but earlier, it was something every CA used to keep it hidden because of every website required to have a unique IP address of its own. And, in shared hosting, multiple websites are kept on the same IP address, so SSL wasn’t really considerable.

Due to this very reason, in 2003, SNI (Server Name Indication) came into existence, which was an extension to TLS.

In the beginning, SSL was a protocol used for securing HTTP connections. But later issues started showing up, and even vulnerabilities were also found in a short period of time. SSL versions were upgraded to 3.0. It was replaced with TLS, also called Transport Layer Security.

Here’s How Connection of SSL Differs From TLS

The major difference is seen during the connections. An SSL connection is directly made through port 443, whereas TLS starts with a hello through an insecure channel and then moves to port 443, followed with a successful handshake. In other words, TLS is another protocol compared to SSL, though both serve the same function, they carry a little difference, which clears the way for SNI.

What’s SNI?

Put simply, SNI (Server Name Indication) is something that’s added into the TLS encryption protocol that binds a shared server hosted website related to its SSL certificate with the help of its hostname. And IP SSL is something that binds an SSL certificate to the account that has a unique IP address. However, before we delve into the SNI SSL vs IP SSL in comparison, let’s better understand these two terms.

sni ssl vs ip ssl

SNI SSL vs IP SSL – Brief Overlook

IP based SSL certificates are expensive ones, especially when you have more than one website because a limited number of IPv4 addresses are available. Also, IP based SSL certificate uses the dedicated public IP address of the server on which your website is hosted for mapping the certificate to the site. Due to which for every dedicated IP address, web hosts charge extra fees.

On the other hand, SNI is an extension for the TLS protocol that lets each website or domain hosted on a shared server under a single IP to be mapped with a separate certificate. And at the time of the TLS handshake, the client hello makes use of the SNI field, specifically that hostname to which it’s connecting. And the server parses this request and sends the appropriate certificate back for completing that encryption connection.

sni vs ip ssl mechanism
Let’s look into it with an example:

For instance, Bob is looking to host multiple websites on a virtual server. According to that, one IP address will be shared among all the websites with the help of different hostnames. And Bob knows that server should be aware of which of the site the client is looking to connect with, and it should be able to send the corresponding certificate. In case the server fails to issue the correct certificate, the connection to the site with the client will be failed, which will negatively affect the business when the customer fails to connect with it.

However, Bob is lucky as SNI lets clients communicate with the specific hostname on the shared server. So, he can opt for an SNI SSL solution, where the client can acknowledge to the server exactly which certificate they request it by referencing the hostname at the time of the TLS handshake.

However, an IP SSL certificate secures only those connections that have a unique IP address.

https ini ssl vs https sni ssl

SNI SSL vs IP SSL – Side by Side Comparison Between the Two

Sr. IP SSL Certificates SNI SSL Certificates
1 IP SSL certificates links with unique IP Addresses. SNI SSL Certificates link to hostnames.
2 IP SSL certificate can only be useful with shared servers if any website is assigned to a dedicated IP address. SNI SSL certificate can be used with both the shared servers as well as dedicated servers.
3 An SSL certificate is an old method for encrypting the connection, and it can be used on an old system that doesn’t support SNI. SNI might not be compatible with legacy browsers or systems. Browsers that are compatible with SNI are:

  • Chrome 5.0.342.1 and above
  • Mozilla Firefox 2.0 and above
  • IE 7 and above
  • Safari 3.0 and above
  • Opera 8.0 and above

Summary

Nowadays, discussing SNI SSL and IP SSL certificate is not usual. But, even if you come across such terms, no need to worry because these terms were quite popular in earlier days.

In other words, all the latest browsers are aware of such scenarios, and you won’t come across any possibility where SNI doesn’t show compatibility issues with your currently installed browser. Also, these days all types of websites require an SSL certificate, so it’s but obvious that you’ll find cheaper one too, and you won’t have to worry about the cost.

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More