Jun 8, 2017

What is SNI?

I felt like writing this post because I deal with this question quite a bit at my company. What is SNI? Well, in short, SNI is an acronym that stands for Server Name Indicator, or Server Name Indication. Wikipedia describes it as:
Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which site is being requested.
In a shorter, more concise explanation, SNI lets us bind multiple SSL certificates to one IP address. In the past, we used to have to bind an SSL certificate to a single IP address, and any additional SSL certificates would require their own IP address.

This is a real problem when you can see that IPv4 is running out of addresses! It also became a problem if you wanted to host multiple websites on a single web server. One web server might need eight or nine IP addresses to server up eight or nine different websites!

The reason I get asked about this a lot is we have several clients whose applications don't support SNI, and when they try to connect to our API that requires SNI, they get some sort of SSL error. We have a workaround for those clients, but I still find myself having to explain this to many of the people I work with (Often several times over).

The reason the clients that don't support SNI get SSL errors is that their application isn't smart enough to tell the web server which website they are trying to connect to by using the hostname at the start of the handshake process. Because they can't tell the web server which site they are trying to connect to, they are presented with whatever is the default certificate, which doesn't match the hostname, so they get a handshake error.

I see this a lot with Java based applications, but occasionally I see this with custom .Net applications as well. I guess this depends on if the developers have taken into account SNI or not.

I also see this a lot with DataPower/WebSphere clients, but DataPower can be configured for SNI. Check out this video:




All modern browsers support SNI, and in my opinion, all modern applications should too. If your application does not support it, then I would suggest lighting a fire under your development team's collective ass, and have them update your application to support it!

Jun 7, 2017

How To Get Rid of Boxelder Bugs... Seriously!

This isn't really technology, computer or software related, but I thought I'd share this with you anyway since it is something that has literally been "bugging" me for the last two years. That is that I've had a huge issue with Boxelder bugs all over the front of my house! They weren't there when I moved in three years ago, but they took up residence last year and never left apparently!

Looking on YouTube, I found this video that tells you to use liquid dish soap and water on your siding because the Boxelder don't like it apparently:




Well, this technique did get them off the siding, it did NOT get them off my sidewalks or bushes around the front of my house. It did not solve the problem!

Well, today I had enough and decided to get something that would solve the problem. I bought some Spectracide HG-95830 Triazicide Insect Killer for Lawns & Landscapes Concentrate, Ready-to-Spray and attached that sumbitch to my garden hose!

I let loose a torrent of water and death all over the front of my house, on my sidewalks and in the plants around the front of of my house. Hordes of Boxelder bugs were covered in the Triazicide spray and slowly met their inevitable doom!

The ready to spray version is the best in my opinion because it hooks to your garden hose and allows you to spray a large area quickly.

The Spectracide website even lists Triazicide as one of their solutions to kill Boxelder bugs! Boom! Suck on that you nasty bugs!

If you have Boxelder bugs all over the front of your house, ditch the dish soap, grab a hose and hook up a bottle of Triazicide to it and unleash hell! You can thank me later!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam