SNI on ordered certificate vs Pro plan

Hi,

I have a question about SNI usage. We have a lot of old clients with outdated browsers without SNI support (don’t ask why). So I need a HTTPS certificate which does NOT use SNI. I know that the free, shared certificates use SNI, so not an option.
What about ordered certificates? When I order a 5$/month certificate on my free plan, does it require SNI? Or do I have to upgrade to a pro plan and with that comes a free certificate without SNI?

Thanks so much

SNI is related to the server respectively protocol, not the certificate. You are probably referring to SANs. Vowels, arent they fun :wink:

Check out https://support.Cloudflare.com/hc/en-us/articles/203041594-Cloudflare-SSL-cipher-browser-and-protocol-support, which should have more details. The free plan generally only supports “modern” browsers, whereas paid plans are supposed to support “all” browsers. Though, I am not sure whether SSL requests without SNI would work nonetheless. Thats probably something best to clarify via a support ticket.

@cloonan @cscharff

Thanks! It would be very unfortunate if SSL requests without SNI would not work, as there are still many devices (in particular SmartTVs) which do not support it

The problem is, without SNI the SSL connection is established without a specific hostname, hence Cloudflare cant present the appropriate certificate.

That is why I believe SNI will always be required but for a definitive answer you’d need to contact support. Maybe they have something up their sleeve :slight_smile:

I have being delivering content to smart TVs for many years with SNI without issue. Some manufacturers have very restricted lists of supported CAs. I have to use a Globalsign custom cert on some Cloudflare proxied hostnames as a result (other CAs might work, but you will need to do the research for your required devices.)

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.