On Wed, Sep 18, 2013 at 11:44 AM, Gervase Markham <g...@mozilla.org> wrote:
> On 17/09/13 15:18, a...@google.com wrote: > > We also have a number of domains ("gmail.com", "googlemail.com" etc) > > which require SNI to serve the correct certificate > > Change of topic: that's really interesting. You are using SNI in > production? What about IE on Windows XP and the other non-SNI-supporting > platforms? > It's interesting when you combine it with a multi-domain certificate for non SNI supporting platforms, see: https://www.globalsign.com/cloud/multiple-ssl-certificates-single-ip-address.html This would serve a specific certificate via SNI to 92% of your visitors (with the possibility to use OV/EV and the performance advantage of a smaller certificate) and the remaining 8% will get the bigger/slower multi-domain certificate. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security