- From: timeless <timeless@gmail.com>
- Date: Thu, 6 Jan 2011 14:58:21 +0200
On Thu, Jan 6, 2011 at 1:54 AM, Aryeh Gregor <Simetrical+w3c at gmail.com> wrote: > * You can typically only serve one domain per IP address, unless you > can set up SNI (do all browsers support that yet?). [1] Browsers with support for TLS server name indication: * Internet Explorer 7 (Vista or higher, not XP) or later * Mozilla Firefox 2.0 or later * Opera 8.0 or later (the TLS 1.1 protocol must be enabled) * Opera Mobile at least version 10.1 beta on Android * Google Chrome (Vista or higher. XP on Chrome 6 or newer. OS X 10.5.7 or higher on Chrome 5.0.342.1 or newer) * Safari 2.1 or later (Mac OS X 10.5.6 or higher and Windows Vista or higher) * MobileSafari in Apple iOS 4.0 or later * Windows Phone 7 * Maemo So, basically the unsupported bits for SNI are: iOS3 and below running Safari -- iiuc [2], iPod Touch [3] first generation (purchased roughly before September 9, 2008) + original iPhone [4] are the only two which can't run iOS4 (purchased roughly before July 11, 2008) OS X 10.5.5 [5] and below running Safari -- iiuc [6][7], PowerPC G4 computers with CPU speed < 867 MHz can't run 10.5 ootb, these were obsoleted around August 13, 2002 XP [8] running IE 7- -- Users should upgrade to IE8 which is supported [9] (or any other browser) For other "desktop" configurations (including the unsupported ones listed above), users can use Firefox/Opera. For mobile configurations, users can use SkyFire/Opera Mobile. The coverage for SNI is thus, in fact, quite good. I can't speak for Symbian, but assuming I'm reading [10] correctly, Symbian 1 would not have SNI as there's a request against 417 [11] to add it. Sybmian 2 [12] offers WebKit 525 [10] which should be new enough to include SNI (as that's roughly what's in Safari 3 which includes it). This doesn't cover many older models but Opera/SkyFire should be available for most. Similarly per [10], BlackBerry 6 [13] which is WebKit 534 should have SNI. This of course doesn't cover many models, but Opera should be available for most. Probably worth doing is a study of SNI failure behavior. My experience w/ mobile browsers and mobile users is that the warnings are ignored anyway (especially on Symbian where you're constantly bombarded with stupid dialogs and quickly learn to <i-do-not-care> through them), which means that your users are probably used to the problem. But once they get to your SNI page, you can include a note to mobile users of browsers which don't have SNI explaining that if they want a more secure experience they should switch to <list browsers you know work> (the browsers are free, so the only cost to you is a quick test and the only cost to the user is the download cost for a better browser). [1] http://en.wikipedia.org/wiki/Server_Name_Indication [2] http://en.wikipedia.org/wiki/IOS_version_history#4.x:_Fourth_major_release_of_the_OS [3] http://en.wikipedia.org/wiki/IPod_Touch#Models [4] http://en.wikipedia.org/wiki/IPhone#Models [5] http://en.wikipedia.org/wiki/Mac_OS_X_v10.5#Release_history [6] http://en.wikipedia.org/wiki/Mac_OS_X_v10.5#Usage_on_unsupported_hardware [7] http://en.wikipedia.org/wiki/Power_Mac_G4#Four-slot_models [8] http://en.wikipedia.org/wiki/Windows_XP#Support_lifecycle [9] http://en.wikipedia.org/wiki/Internet_Explorer_8#OS_requirement [10] http://www.quirksmode.org/webkit.html [11] https://lists.webkit.org/pipermail/webkit-unassigned/2006-June/011657.html [12] http://en.wikipedia.org/wiki/Symbian#Version_history [13] http://en.wikipedia.org/wiki/BlackBerry_OS#Current_versions
Received on Thursday, 6 January 2011 04:58:21 UTC