On Wed, Sep 18, 2013 at 11:44 AM, Gervase Markham <g...@mozilla.org> wrote:
> On 17/09/13 15:18, a...@google.com wrote:
> > We also have a number of domains ("gmail.com", "googlemail.com" etc)
> > which require SNI to serve the correct certificate
>
> Change of topic: that's really interesting. You are using SNI in
> production? What about IE on Windows XP and the other non-SNI-supporting
> platforms?
>
It's interesting when you combine it with a multi-domain certificate for
non SNI supporting platforms, see:
https://www.globalsign.com/cloud/multiple-ssl-certificates-single-ip-address.html
This would serve a specific certificate via SNI to 92% of your visitors
(with the possibility to use OV/EV and the performance advantage of a
smaller certificate) and the remaining 8% will get the bigger/slower
multi-domain certificate.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
