Hi David,
Do you have any ETA as yet?
Not yet, this is still early in the planning stages.
That said, we do realize how this is essentially a requirement for IPv6 website hosting, and we are looking to complete our support of IPv6 to bring it on-par with our IPv4 support by version 11.36. No guarantees that it will be the ETA for SNI as well, just emphasizing a scenario that seems likely as I am writing this post.
+1 here, just another voice who wants SNI support in cPanel. I will keep track of this thread or is there a feature/milestone I can track?
Thanks David and the development team which I think you already started the development of SNI support on middle of this year.
I realize the issues in implementing SNI. The big concern here is about browser support and OpenSSL version. I have heard before about browsers waiting for servers while servers wait for browsers. We are providers, so we must provide the feature first without waiting for browsers. Yes, that is why you started already. Now most browsers support SNI except IE on Windows XP, and it is not a problem for me and my hosted websites. Webmasters can decide what browsers they want to support; they can simply ask XP users to use Firefox or Chrome. That is because some providers are not only hosting public websites for public users. A user can simply buy hosting and a domain only for a project because it is cheap, but when it comes to an admin area or a private web-based site, they have no option to secure the channel, since using a self-signed cert also requires a dedicated IP. It is not much, but why pay if the technology is there, and it only makes reserved IPs more limited.
Even though Windows XP still has a major share of 34% based on http://www.w3counter.com/globalstats.php, I believe IE7 and IE8 for Windows XP have a smaller % than expected (it should be less than 17% as of today) because the statistic is specific to browser or platform only. Whatever it is, it is not the issue, but just looking from one to another at which side this can be implemented from.
I also have no problem updating OpenSSL to the latest version or trying to build from source for older CentOS 5.
The good thing here for your development team and sales: if you are ready to implement this, of course you can increase your sales, since this is the most wanted feature. So my Apache server without cPanel can also migrate to use this, since it has many self-signed SSL certs but is harder to manage because I need to SSH every time and there is no UI for them to manage.
I come to look and see SNI at the right time. I hope so. Good luck guys.
This thread is our main point of communicating about this feature request and its progress.
We definitely don't want to leave CentOS 5.x out given that most servers are still on CentOS 5.x. We are considering various options of compiling from source, including perhaps distributing/maintaining mod_gnutls which was mentioned earlier in the thread.
I may have missed it -- but is it at all feasible to do this while you "don't" support it? Has anyone done it? Right now NOT having SNI is costing us hundreds every month, without an ETA it makes it difficult to plan.
Hello cPanelDavidG,
It's 2012 and yet I hear no updates about SNI here. It's a feature we need in cPanel sooner rather than later.
Softlayer - One of the biggest datacenters is having a huge IPv4 shortage.
Requesting an IP from them is very difficult now. We have a lot of dedicated IPs used for SSL web hosting and they won't give us anymore because of the shortage.
Other datacenters are in the same shape. We can't go anywhere without running into the same problem.
Our only 3 options are to buy more dedicated servers from multiple data centers or Use a shared SSL cert or Use SNI.
The preferred is SNI because shared SSL links look ugly and untrustworthy when dealing with e-commerce sites and buying more servers is just too expensive. Breaking support for older browsers I think is hardly an issue nowadays.
The IPv4 shortage is really being felt now.
I talked to the Vice President of Softlayer today and he says in 3 years there won't be any more v4 IPs left to give out. He recommended us to do SNI. He says he is telling every other company to do the same. He also says it's going to be many years before we can truly rely on IPv6 because there is still too much IPv4 equipment used in the world.
Do you know of any official/unofficial guides to allow me to convert all my existing sites to use SNI?
I have a few hundred client web sites to do. Is there at least a semi-automated process available?
SNI is something we are focusing on and putting some further research into regarding how to minimize the issues SNI introduces (basically - what to do with those people who are running browsers that are incompatible with SNI and if this still constitutes a large enough group to be so concerned about accommodating). I agree with you in that SNI basically goes hand-in-hand with IPv4/IPv6 dual stacking which we will be supporting by version 11.36 and even in the realm of just IPv4 it seems increasingly silly to need a dedicated IP just because one wants to have a website served over HTTPS without scaring website visitors.
We're working out the server-side issues of SNI... that's just something that has historically been part of our introduction of new features anyway. SNI is just taking a bit long because we need to also cope with the consumer-side issues of SNI somehow. Hence the research into "Are there really that many people still using IE 8 on XP? Or are we just being excessively concerned?" and "From a technical perspective, what would be a way we could implement that would be user-friendly and handle things well when someone on IE 8 on XP try to connect to a site requiring SNI?"
Luckily more and more people are using SNI-compliant browsers (easily a majority at this point) and there is an aura of inevitability with regards to implementing SNI, it's all just a matter of when at this point. Like any sysadmin, I prefer sooner than later so long as it's a reliable implementation. Our goal, at this point, is to not only support SNI but do it in a way that avoids telling people using older browsers to just go away and never come back by means of your site seeming horribly and inexplicably broken.
Considering that getting CPanel's support for Apache's SNI implementation is needlessly difficult.
Shame CPanel doesn't support nginx, as that supports SNI out-of-the-box. Any server I've ever set up with nginx & SSL, I've never had reports from users of problems with SSL. I guess that's because the number of users still running IE6 is so ridiculously low now.
It's not just IE6, it's any IE running on Windows XP as well as any browser that still relies on Windows for SSL (which given the SSL incidents of the past couple years, is now very few if any other than IE). Windows XP remained, up until a few months ago, the most popular Windows version in use: StatCounter Global Stats - Browser, OS, Search Engine including Mobile Market Share
If you feel that nginx will serve as your interim solution, there are several plugins that add nginx functionality available on the Application Catalog at Application Catalog
Thanks for the info, was unaware of the WinXP limitation. Thanks for the link to the app store, although there are only 2 products that actually implement nginx, and neither look compelling.
Thanks anyhow
Thinking about it, it's more preferable to wait and see support for ipv6 rather than SNI.
Still, every pc out there with windows xp (more than 30% globally) and every server with old OS (centos <5) cannot support it. (hacks, compilations by hand etc excluded)
Windows xp and Centos 5 have ipv6 support. Regarding SSL certificates, it's getting easier to get a /64 block per server than forcing everyone to use centos 6 on servers or windows vista/7 on workstations around the world!
To secure a site admin panel, is it easier to get the admin to update his OS or to get his ISP IPv6 ready + update the company network ?
Oh, I see what you did there :-)
I was speaking generally, for mainstream websites so,
with the same logic, on a normal website for example a commerce site using SNI for SSL,
should be sounds logic, if you put a message that says:
"Please update to Windows 7 to see this page"
I do something like that on my non-cPanel servers. We have a default SSL vhost that creates a redirect to a different port (in the range 44301-44399) that will have the correct certificate. If the site is not bound to another port (or an admin forgot to update the php script with the correct redirect), then you just get an error.