Server Name Indication, or SNI, is a method by which clients such as web browsers can securely designate the domain that they are attempting to access before completing the SSL handshake.
That means that custom SSL certificates can be used on a multi-tenant system like a CDN without having to consume scarce dedicated IPv4 address space, a necessity for a truly scalable secure web.
We've always felt strongly that selling inclusion on a Subject Alternative Name (SAN) certificate for the sake of showing users a ???? icon is insecure and violates the spirit of SSL design conventions.
For that reason, we've only offered security via our own wildcard certificate (*.ssl.hwcdn.net) and via dedicated IP with custom certs.
Highwinds' newly unveiled SNI support means that our customers can genuinely secure the traffic of their own domains in a cost effective manner and without having to rely on a shared certificate.
While laying the groundwork for the SNI capability, we thought it would be interesting to look at how much of the web could be effectively covered just by offering an SNI secured domain. From our empirical testing, over 99% of ALL SSL connections originated from environments with full SNI support, and for some of our customers SNI support represented as high as 99.98% of their connections.
For some applications a dedicated IP with its own standalone certificate is still going to be the proper approach, but with SNI support available on all modern browsers since 2010 it covers the vast majority of use cases.
For more information about SNI, please contact your Highwinds' account executive.