What browser would support HTTP 2.0 but not SNI?

nfoz · on Nov 13, 2013

Lots of utilities that aren't conventional "browsers" but talk HTTP.

mikeash · on Nov 13, 2013

The question is still completely valid. What tool would support HTTP 2 but not SNI?

jalada · on Nov 13, 2013

I'd not heard of SNI before. Is this something that can be used now?!

kijin · on Nov 13, 2013

Yes ... as long as you don't need to support IE on XP, Android 2.x, or Java 6.

https://en.wikipedia.org/wiki/Server_Name_Indication

Macha · on Nov 13, 2013

> IE on XP, Android 2.x

That's still a lot of devices.

Xylakant · on Nov 13, 2013

Neither of those browsers supports HTTP/2.0, so that's moot.

acdha · on Nov 13, 2013

> IE on XP

In this case, that's also going away hard next year when Microsoft discontinues support for Windows XP. At that point it'd be really tempting to suggest switching to Firefox or Chrome, both of which do support SNI.

wmf · on Nov 13, 2013

SNI is useful for hosting, but I don't think it helps embedded devices. Is any CA willing to issue me a cert for 192.168.0.1? Wait, don't answer that.

Sami_Lehtinen · on Nov 14, 2013

Why do you want to use global CAs for internal services? Wouldn't it be better to use your own CA? I find out that identifying site by it's certfingerprint is much stronger authentication than the fact that it got valid cert. Actually it would be a good idea not to trust any other than company's internal CA for internal services. But as far as I know, bowsers aren't up to this challenge. Maybe AD allows this, but I haven't ever seen any post how to do it.

acdha · on Nov 13, 2013

It'd be more interesting to see if a CA would issue a cert for something.local — sadly, you're probably right to fear the worst…

jlgaddis · on Nov 14, 2013

They will -- but I believe that's to be phased out by 2015 or so.

cpach · on Nov 13, 2013

You can solve this by setting up your own Certificate Authority.