What is the "SNI" option for?


This article applies to:

  • Web Filter 5.0.10 and above

Question:

  • What is the "SNI" option for under the HTTPS Filter?

Reply:

The SNI Extension feature enabled for HTTPS filtering under: System>Control>Filter.

The HTTPS/SSL Filtering frame now includes the “Hostname Identification Based on SNI Extension” option, enabled by default. Server Name Indication (SNI) identifies the hostname for secure client connections, allowing multiple HTTPS sites to be served from one IP address and port number, without requiring those sites to use the same certificate.

With this feature enabled, an option is available to block access to sites over HTTPS, with *youtube.com included in the list box by default.

Notes:

This feature can be disabled if filtering performance is impacted.


Last Modified 11/2/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle14935.aspx