One Address, Many Sites
A single server IP often hosts many sites, so during the handshake it must learn which site the client wants before choosing a certificate. Server name indication carries the requested hostname in the opening hello.
Why SNI Exists
The certificate must match the requested name, but the request comes before any application data.
- The client puts the hostname in the server name indication field of its hello.
- The server uses it to select the matching certificate.
- Without it, a shared address could only present one certificate.
The Privacy Leak
In classic TLS the server name indication is sent in the clear, so an observer on the path can read which site you intend to reach even though the rest of the connection is encrypted. This reveals browsing destinations to anyone positioned between client and server.
Encrypting the Name
Encrypted server name indication, refined into encrypted client hello, hides the hostname by encrypting the sensitive part of the hello to a key the provider publishes.
- The provider publishes a public key, often through DNS.
- The client encrypts the inner hello including the real hostname.
- An outer hello carries only a shared front name, so observers learn at most which provider is being reached, not which site.
Key idea
Server name indication tells a shared server which certificate to present, but in the clear it leaks the destination, so encrypted client hello hides the real hostname behind a shared front name.