
I think it is interesting that this article doesn't mention the SNI (server name indication) extension to TLS in the section on certificate management. It seems like a great way to bring down the cost of SSL installations.

http://tools.ietf.org/html/rfc4366#section-3.1

http://en.wikipedia.org/wiki/Server_Name_Indication

Does anyone actually use SNI? Looked into it, but browser support would exclude ANY IE version on Windows XP, which is pretty significant. Android and BB browsers also don't support it.

I don't know of mainstream hosts using it today, but I have to imagine that hosting companies want to offer it as an option to their customers. Interesting point about Android and BB, I hadn't noticed that before. Kind of seems like a chicken-and-egg problem. Obviously server admins don't want to turn on the feature until the clients support it, but the client support will go slowly until there are servers requiring it.

IE/XP browser support is what held me back when I was looking at SNI. SNI would have definitely made a migration to Amazon AWS more compelling. Without SNI, every unique SSL certificate = unique external IP = unique EC2 instance.

Heroku does.
