SNI (Server Name Indication)
----------------------------
SNI is an extension to the TLS encryption protocol. The SSL client can
specify the domain name it is trying to reach in the first step of the TLS
handshake (the CLIENT HELLO), so the server can pick the matching
certificate, which prevents common name mismatch errors.

SSL Client                                    SSL Server
    |                                             |
    |-- CLIENT HELLO ---------------------------->|
    |   (SNI: I want to connect to xyz.com)       |
    |                                             |  Retrieve cert of xyz.com from store
    |<-- Server Cert (xyz.com) -------------------|
    |  Verified cert                              |
    |<----------- Key exchange begin ------------>|