IE8 on Windows XP does not support SNI

, 64px-Internet_Explorer_7_Logoor “you desktop IT people have broken something”.

Just before Windows XP gets to take a well earned retirement on “the farm”, it popped it’s ugly head up this week with an end user complaining we did something to break their new website

On purpose no less.

It seems IE8/Windows XP was receiving the wrong HTTPS certificate.

Upon investigation, I realised that the issue was that IE8 on WinXP does not support SNI.

Server Name Indication allows a web browser to tell a web host what site it is connecting to.  (A web host can host multiple web sites …).  The reason why a browser needs to tell the web host it connects to, is so the web browser gets the right HTTPS certificate.

If the browser does not support SNI then the browser will get the default web host certificate.  Which may cause certificate errors to be displayed in the browser.

To prove that it was a lack of SNI support causing the issue, I used the excellent Qualys SSL Labs SSL Server Test tool.

I suggested to the customer that they use an alternate web browser, until they can replace Windows XP.