With SNI technology you can now host multiple SSL certificates on a single IP address. SNI inserts the requested hostname (website address) within the TLS handshake (the browser sends it as part of ‘Client Hello’), enabling the server to determine the most appropriate SSL certificate to present – removing the need for your server to possess psychic powers and guess which SSL certificate it should present.
Using SNI the server can safely host multiple SSL certificates for multiple sites, all using a single IP address.
I enabled CloudFlare Universal SSL for my site recently, but I got This site works only in browsers with SNI support via Google Chrome on Microsoft Windows XP SP3, so I wanna to know what's the reason of this messages. I found following explain for this issue from CloudFlare official website.
Universal SSL uses Server Name Indication (SNI) certificates using Elliptic Curve Digital Signature Algorithm (ECDSA). SNI and ECDSA certificates work with the following modern browsers:
Desktop Browsers installed on Windows Vista or OS X 10.6 or later:
- Internet Explorer 7
- Firefox 2
- Opera 8 (with TLS 1.1 enabled)
- Google Chrome v5.0.342.0
- Safari 2.1
- Mobile Browsers
Mobile Browsers
- Mobile Safari for iOS 4.0
- Android 3.0 (Honeycomb) and later
- Windows Phone 7