SNI (Server Name Indication)

A TLS extension (RFC 6066) where the client includes the target hostname in the ClientHello message before the TLS handshake completes. SNI allows a single server IP address to host multiple TLS-protected virtual hosts (name-based virtual hosting), each with its own certificate. Without SNI, a server cannot determine which certificate to present before the encrypted connection is established. All modern TLS clients support SNI; legacy clients and some corporate proxies may omit it, causing certificate mismatch errors.