Can I read the domain name from HTTPS before SSL handshake?

Question

I am researching if I can host multiple domains on one server through HTTPS but for each domain, I have a different certificate.

In this case, I would need to know the domain of the incoming connection so in that first part of the SSL handshake, will it have the information I need to send back the correct certificate for that domain?

The search term you need for this case is "SNI" - Server Name Indication — Matthew, Feb 10 '16 at 08:55
You need SNI only if you cannot use different IP addresses for the different domains. This could be important as in the Xander's answer you can see that some older clients do not support SNI. — pabouk - Ukraine stay strong, Feb 10 '16 at 09:40
If you need to support clients that don't send SNI, you could use a Subject Alternative Names certificate which lists all relevant domain names in the same certificate (or a wildcard certificate if they're subdomains of the same domain). — CodesInChaos, Feb 10 '16 at 10:35
At this point, if you're still using a client too old to understand SNI, not getting HTTPS properly is the least of your problems. — Shadur-don't-feed-the-AI, Feb 10 '16 at 11:58
@CodesInChaos There are scenarios where generating a certificate covering all the possible domain names is not feasible. — kasperd, Feb 10 '16 at 18:32

score 26 · Accepted Answer · answered Feb 10 '16 at 03:08

26

Yes, as long as the server and the clients support the Server-Name-Indication (or SNI) extension. This extension allows for virtual hosting for HTTPS, where you have multiple independent domains and certifications bound to a single IP address.

Most clients these days do support SNI. The place where you might have issues is if you have older clients using platforms like Windows XP, old versions of Android, or Java 6.

answered Feb 10 '16 at 03:08

Xander

35,796
27
116
144

1

Comments are not for extended discussion; this conversation has been moved to chat. – AviD Feb 11 '16 at 00:57

score 9 · Answer 2 · answered Feb 10 '16 at 05:58

9

Without SNI, the domain first appears in cleartext in the Server Hello of the TLS handshake (In the rdnSequence of the Certificate field).

With SNI, the domain first appears in cleartext in the Client Hello of the TLS handshake (In the SNI field).

Source: I fired up apache2 with TLS and took packet captures before and after implementing SNI (Virtual Hosts in apache2).

answered Feb 10 '16 at 05:58

cremefraiche

2,163
14
24

3

Only the second case can be used for what is being asked for in the question - allow the server to select right domain and certificate at the beginning of the SSL/TLS handshake. --- The first case can be used for example by security devices (like firewalls, IPS, URL filtering, application detection etc.) to be able to distinguish domain names without SSL/TLS decryption. – pabouk - Ukraine stay strong Feb 10 '16 at 09:45

score 8 · Answer 3 · edited Mar 17 '17 at 10:46

Aside from SNI, there is an option to get a multi-domain certificate. Several certificate providers offer such certificates (not endorsing anyone, Google is your friend).

With a multi-domain certificate, you don't need to know the domain name at the beginning of the handshake, as the certificate is effectively valid for all the domain names listed.

Here's how an example of how such certificate looks like:

Can I read the domain name from HTTPS before SSL handshake?

3 Answers3