Search tools and guides ⌘K
Security also: Server Name Indication

SNI

TLS extension that tells the server which hostname is being requested.

In plain terms

Lets one IP host many TLS sites. Travels in the clear; ECH (Encrypted Client Hello) hides it.

Origin

RFC 4366 (2006), updated by RFC 6066 (2011). Without SNI you can only host one TLS site per IP — for years that's why IPv4 felt scarce. ECH (Encrypted Client Hello) now hides the SNI from passive observers.

Where it shows up in production
  • Every shared TLS host CDNs, cloud load balancers, virtual hosting — all rely on SNI to route TLS by hostname.
  • ECH (Encrypted Client Hello) Cloudflare turned ECH on in 2023; encrypts the SNI so eavesdroppers can't see what hostname you visited.
On Semicolony
Guide sni Guide https
Sources & further reading
Related Concepts Related Concepts
Guide HTTPS / TLS — the handshake SNI rides in Guide DNS — where the ECH key is published Study Path TLS 1.3 deep dive — codex Guide Load Balancing — SNI-based routing Guide Reverse Proxy — SNI passthrough Guide CDN — multi-tenant edges built on SNI
Found this useful?