SNI SSL vs IP SSL — The Ultimate Difference Explained

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 4.50)
Loading...

A breakdown of the differences between SNI vs IP SSL

Though its rare these days, you may occasionally run across terms like SNI SSL and IP SSL or website talking about the differences between SNI SSL vs IP SSL. These terms harken back to the early days of SSL/TLS — back to a time where maps were kept in glove boxes and people’s phones were just phones.

A Historical Look at SNI SSL vs IP SSL

Originally, there was only one kind of SSL certificate — organization validation (OV). At that point, the conventional wisdom was that only websites that transacted in sensitive information needed SSL. And, since most of those were run by legitimate businesses, organization validation was no problem. It was initially limited to the USA, too. Thawte was the first certificate authority (CA) to offer SSL certificates for internationalized domains.

But there was another more technical reason that OV was originally the only game in town: IP addresses. To this day, OV certificates are the only SSL/TLS certificates that can secure IP addresses. Nowadays, that’s a selling point. Initially it was a hinderance because each website needed to have its own IP address. In shared hosting environments where multiple websites reside on the same IP address, SSL really wasn’t an option.

And, obviously, we couldn’t have that, so in 2003, server name indication (SNI) was introduced as an extension to TLS. Now, let’s take a quick detour into SSL vs TLS. Initially, secure sockets layer (SSL) was the protocol used to secure HTTP connections. But, as it happens with any new protocol, vulnerabilities were found quickly and its creators were forced back to the drawing board. SSL made it all the way to version 3.0 before it was replaced by TLS, or what’s known as transport layer security.

How TLS Connects vs SSL

The key difference is the way the connections are made. SSL connects directly to port 443. TLS, on the other hand, starts with a hello via an insecure channel and moves to port 443 following a successful handshake. That’s kind of in-the-weeds for this article — however, the key takeaway is that TLS is a different protocol than SSL, though it serves the same function. But that subtle difference cleared the way for SNI.

Top SNI Certificates of 2021

Certificate Lowest Price Save
Comodo EV Multi-Domain $227.35/yr. $1,059.24 BUY NOW
Comodo UCC (OV) $116.82/yr. $555.92 BUY NOW
Comodo DV UCC $116.82/yr. $811.92 BUY NOW
Comodo Multi-Domain SSL (OV) $116.82/yr. $1,211.92 BUY NOW
PositiveSSL Multi-Domain (DV) $18.81/yr. $605.96 BUY NOW

What’s Secured in SNI vs IP SSL

And SNI cleared the way for the invention of domain and extended validation SSL certificates. That’s because with SNI, websites hosted on the same IP address can all have individual certificates. Rather, with SNI, the client could query the server by hostname and receive the correct certificate.

Now, SSL certificates no longer have to be bound to an IP address — they can be bound to a host name.

And that might be the best way to view IP SSL vs SNI SSL:

  • With IP SSL, what’s secured is an IP address.
  • With SNI SSL, the host name is secured.

Browsers that are compatible with SNI (earliest version) include:

  • IE 7 +
  • Chrome 5.0.342.1 +
  • Mozilla Firefox 2.0 +
  • Opera 8.0 +
  • Safari 3.0 +
SSL Certificate with Comodo Secure Logo

Save Up to 59% On PositiveSSL Multi-Domain Wildcard Certificates

Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all PositiveSSL Multi-Domain Wildcard Certificates at up to 59% off.

Shop for Positive Multi-Domain Wildcard SSL Certificate