Ask any WordPress developer about SSL certificates and encryption and you are likely to get a lot of groans and eye-rolling. Most implementations of encryption still rely on a dedicated IP address, leading to a shortage of available IPv4 space. Fortunately, there is a better way to implement SSL encryption in the form of Server Name Indication (SNI).
SNI is an extension of the Transport Layer Security (TLS) protocol. It solves a very important problem regarding the nature of how sites are served over HTTPS. Hosting providers have leveraged name-based virtual hosting to serve multiple domains from a single web server for over a decade.
The challenge with this approach occurs when you try to run multiple sites that require an free SSL certificate. This is because of the nature of TLS handshakes, which occur before the server sees any HTTP headers when using HTTPS. As a result, the server cannot use HTTP header information to choose which certificate to use for any given request.
The typical workaround has been to assign multiple IP addresses to a server, one for every website that requires encryption. Each of those IPs requires a lengthy submission process, which has become more stringent and time-consuming as the available IPv4 space has shrunk. This has in turn resulted in a vicious cycle of heftier SSL fees imposed by hosting providers and increasingly more complex and time-consuming requirements by ARIN, the body that issues IP addresses.
The bottom line is that things have gotten increasingly worse for website owners, and this has all come to a head at the worst possible time.
SNI breaks this cycle by allowing you to run multiple encrypted websites on the same server through a single IP address. SNI allows a web browser to send the name of the domain it wants at the beginning of the TLS handshake. This in turn allows the server hosting that site to find and present the correct certificate. And all sites running on that server can share the same IP address and ports.
For customers, the experience of encrypting a site gets a whole lot better since there’s no need to justify a new IP address with ARIN. SSL deployments are quick, painless, and much more cost-effective.
You are probably wondering why more hosting providers haven’t taken advantage of SNI. Some are probably not aware of this option. Others are concerned about client/browser and operating system compatibility.
We’ve been using SNI at Pressable now for years with great success. We are able to set up SSL in a matter of minutes for our customers because we don’t have to go through the IP request and allocation process. Our customers are typically serving encrypted traffic within minutes of requesting it.
WooCommerce is a trusted, secure tool that’s regularly updated and maintained specifically to protect online stores against malicious attacks and hacking. However, like any platform, it’s not immune to security threats like order fraud. Fortunately, […]
When you own a website, you need to stay vigilant and prepared to handle cybersecurity threats. However, it’s hard to address a threat if you have no idea that it’s there. Enter: Intrusion Detection Systems […]
WordPress is an open-source content management system. Users and developers are free to view and modify its code. That customizability is one of the main reasons WordPress has become so popular. Developers can create custom […]