I have TLS 1.1 Server Name Indication working in mod_gnutls.
What is Server Name Indication?
When a client connects to a server using SSL, the server will send the Public Certificate to them. This enables them to actually decrypt the data sent from the server later. Here is a short simplified example:
1. C: (TLS Handshake) Hello, I support XYZ Encryption. 2. S: (TLS Handshake) Hi There, Here is my Public Certificate, and lets use this encryption algorithm. 3. C: (TLS Handshake) Sounds good to me. 4. C: (Encrypted) HTTP Request 5. S: (Encrypted) HTTP Reply
The problem in HTTP is we don’t know which Public Certificate to send, until step 4. This is long after the public certificate has been sent. Protocols such as IMAP and SMTP, which use STARTTLS, have a different pattern:
1. C: (Cleartext) I am using server 'mail.example.com' 2. S: (Cleartext) By The Way, I also support TLS Encryptionn. 3. C: (Cleartext) Lets use Encryption, aka 'STARTTLS'. 4. C: (TLS Handshake) Hello, I support XYZ Encryption. 5. S: (TLS Handshake) Hi There, Here is my Public Certificate, and lets use this encryption algorithm. 6. C: (TLS Handshake) Sounds good to me. 7. C & S: (Encrypted) Exchange Data
Since the client tells the server which host it is connecting to in step 1, the server can pick the correct certificate in step 5. It is possible to do this in HTTP, using TLS Upgrade. This is slightly more complicated, and presents other security issues. The Server Name Indication approach has a much simplier setup:
1. C: (TLS Handshake) Hello, I support XYZ Encryption, and I am trying to connect to 'site.example.com'. 2. S: (TLS Handshake) Hi There, Here is my Public Certificate, and lets use this encryption algorithm. 3. C: (TLS Handshake) Sounds good to me. 4. C: (Encrypted) HTTP Request 5. S: (Encrypted) HTTP Reply
The only difference is a few extra bytes sent in Step 1. The client passes along which hostname it wants, and the server now has a clue which public certificate to send.
Currently, the only browser with SNI support is Opera 8.0. What Server Name Indication (SNI) has the potential to bring, is cheap encryption. A Self Signed Certificate might be free, but it does not mean they can easily be used. Other protocols like IMAP use STARTTLS to decide which server to connect to first, and then to start the TLS Connection. Traditionally, HTTP has required one IP address for every SSL Host. For some people, IP Addresses are cheap, but for many, they are not. SNI Breaks this last barrier, and allows a single IP Address to host hundreds of SSL Websites.
I have setup a demo server at sni.corelands.com. If you visit https://one.sni.corelands.com/ with Opera, you will not get an SSL Hostname Mismatch. If you use any other browser, you will.
Pingback: Sebastian Bauer (IT-Blog) » https für mehrere Web-Projekte mit nur einer IP
Why this doesn’t works with Opera?
Why this doesn’t works with Opera?
yes =/
Doesn’t this mean that attacker in the middle will be able to see which server is the client accessing?
Matus: It does, however it’s no worse than being able to only have a single SSL listener on an IP/port combo- attacker will know which site you are connecting to. No good answer there, sorry- in order to establish a secure channel you need to identify with who you are trying to establish ths secure channel (unless you go for multilevel authentication… which would be just a mess with little to no benefit)
Doesn’t this mean that attacker in the middle will be able to see which server is the client accessi
Note that SMTP HELO and EHLO do not mean ‘I want to connect to Foo’, but ‘I am Foo’. In fact the smtp server will send a banner with its name before any client request.
thanks admin bey