[whatwg] whatwg Digest, Vol 82, Issue 10

timeless timeless at gmail.com
Thu Jan 6 04:58:21 PST 2011


On Thu, Jan 6, 2011 at 1:54 AM, Aryeh Gregor <Simetrical+w3c at gmail.com> wrote:
> * You can typically only serve one domain per IP address, unless you
> can set up SNI (do all browsers support that yet?).

[1] Browsers with support for TLS server name indication:
* Internet Explorer 7 (Vista or higher, not XP) or later
* Mozilla Firefox 2.0 or later
* Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
* Opera Mobile at least version 10.1 beta on Android
* Google Chrome (Vista or higher. XP on Chrome 6 or newer. OS X 10.5.7
or higher on Chrome 5.0.342.1 or newer)
* Safari 2.1 or later (Mac OS X 10.5.6 or higher and Windows Vista or higher)
* MobileSafari in Apple iOS 4.0 or later
* Windows Phone 7
* Maemo

So, basically the unsupported bits for SNI are:
iOS3 and below running Safari
 -- iiuc [2], iPod Touch [3] first generation (purchased roughly
before September 9, 2008) + original iPhone [4] are the only two which
can't run iOS4 (purchased roughly before July 11, 2008)
OS X 10.5.5 [5] and below running Safari
 -- iiuc [6][7], PowerPC G4 computers with CPU speed < 867 MHz can't
run 10.5 ootb, these were obsoleted around August 13, 2002
XP [8] running IE 7-
 -- Users should upgrade to IE8 which is supported [9] (or any other browser)

For other "desktop" configurations (including the unsupported ones
listed above), users can use Firefox/Opera. For mobile configurations,
users can use SkyFire/Opera Mobile.

The coverage for SNI is thus, in fact, quite good.

I can't speak for Symbian, but assuming I'm reading [10] correctly,
Symbian 1 would not have SNI as there's a request against 417 [11] to
add it. Symbian 2 [12] offers WebKit 525 [10] which should be new
enough to include SNI (as that's roughly what's in Safari 3 which
includes it). This doesn't cover many older models but Opera/SkyFire
should be available for most.

Similarly per [10], BlackBerry 6 [13] which is WebKit 534 should have
SNI. This of course doesn't cover many models, but Opera should be
available for most.

Probably worth doing is a study of SNI failure behavior. My experience
w/ mobile browsers and mobile users is that the warnings are ignored
anyway (especially on Symbian where you're constantly bombarded with
stupid dialogs and quickly learn to <i-do-not-care> through them),
which means that your users are probably used to the problem. But once
they get to your SNI page, you can include a note to mobile users of
browsers which don't have SNI explaining that if they want a more
secure experience they should switch to <list browsers you know work>
(the browsers are free, so the only cost to you is a quick test and
the only cost to the user is the download cost for a better browser).

[1] http://en.wikipedia.org/wiki/Server_Name_Indication
[2] http://en.wikipedia.org/wiki/IOS_version_history#4.x:_Fourth_major_release_of_the_OS
[3] http://en.wikipedia.org/wiki/IPod_Touch#Models
[4] http://en.wikipedia.org/wiki/IPhone#Models
[5] http://en.wikipedia.org/wiki/Mac_OS_X_v10.5#Release_history
[6] http://en.wikipedia.org/wiki/Mac_OS_X_v10.5#Usage_on_unsupported_hardware
[7] http://en.wikipedia.org/wiki/Power_Mac_G4#Four-slot_models
[8] http://en.wikipedia.org/wiki/Windows_XP#Support_lifecycle
[9] http://en.wikipedia.org/wiki/Internet_Explorer_8#OS_requirement
[10] http://www.quirksmode.org/webkit.html
[11] https://lists.webkit.org/pipermail/webkit-unassigned/2006-June/011657.html
[12] http://en.wikipedia.org/wiki/Symbian#Version_history
[13] http://en.wikipedia.org/wiki/BlackBerry_OS#Current_versions
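
The message above suggests studying SNI failure behavior; a first step on the server side is knowing which connections arrive without SNI at all. The following is an added example, not part of the original post: it parses the first TLS record of a connection and returns the SNI host name, or None when the client sent none. It assumes the ClientHello fits in a single record; `build_hello` and `extract_sni` are names chosen here, and `build_hello` only constructs sample input.

```python
import struct

SERVER_NAME = 0  # TLS extension type for server_name (SNI)

def build_hello(hostname=None):
    """Constructed minimal ClientHello record for the demo (not a capture)."""
    ext = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # server_name_list
        ext = struct.pack("!HH", SERVER_NAME, len(sni)) + sni
    body = b"\x03\x01" + bytes(32) + b"\x00"                   # version, random, empty session id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"                  # one cipher suite, null compression
    if ext:
        body += struct.pack("!H", len(ext)) + ext              # extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 0x16 = handshake

def extract_sni(record):
    """Return the SNI host name, or None if the client sent none.
    Raises ValueError if the bytes are not one complete ClientHello record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a TLS ClientHello")
        data = record[5:5 + struct.unpack_from("!H", record, 3)[0]]
        pos = 4 + 2 + 32                                     # handshake header, version, random
        pos += 1 + data[pos]                                 # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]    # cipher suites
        pos += 1 + data[pos]                                 # compression methods
        if pos == len(data):
            return None                                      # no extensions at all: pre-SNI client
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        if end > len(data):
            raise ValueError("extensions run past the record")
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", data, pos)
            pos += 4
            if etype == SERVER_NAME:
                nlen = struct.unpack_from("!H", data, pos + 3)[0]
                name = data[pos + 5:pos + 5 + nlen]
                if data[pos + 2] != 0 or len(name) != nlen:
                    raise ValueError("malformed server_name extension")
                return name.decode("ascii")
            pos += elen                                      # skip extensions we do not need
        return None
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
```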


