A possible solution to an Error page for HTTPS SNI in WinXP Internet Explorer

Although this is not the best way to treat this situation, it is possible to add a switch that handles Internet Explorer on Windows XP specifically when hosting multiple sites on one IP address with HTTPS. For those of you looking for the answer:

PHP SNI Switch for HTTPS WINXP IE – Details

As you can see from the code snippet below, there is a regular expression match on MSIE and Windows NT 5.1, which essentially matches IE on 32-bit XP. A less naive solution would use some of the other version values listed below the snippet, and would also test for Windows 98/95 user agent strings, which indicate other browsers that lack support for SNI.

// $ssl is set elsewhere: 1 when the site should be served over HTTPS.
// A missing User-Agent header is treated as an empty string.
$ua = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';
if ( preg_match ( "/MSIE/i", $ua ) ){
	if ( preg_match ( "/Windows NT 5\.1/", $ua ) ){
		// IE on Windows XP cannot send SNI, so it gets plain HTTP
		$scheme	= 'http';
	}else{
		$scheme	= ( $ssl === 1 ) ? 'https' : 'http';
	}
}else{
	$scheme	= ( $ssl === 1 ) ? 'https' : 'http';
}

The Windows version numbers found here and listed below (the number that follows "Windows NT" in the user agent string) may help to provide a more viable solution.
Windows 7 6.1
Windows Server 2008 R2 6.1
Windows Server 2008 6.0
Windows Vista 6.0
Windows Server 2003 R2 5.2
Windows Server 2003 5.2
Windows XP 64-Bit Edition 5.2
Windows XP 5.1
Windows 2000 5.0
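
The "less naive" check suggested above, written out as an added example (not code from the original post): it treats IE on any Windows NT version below 6.0, or on Windows 95/98/ME, as lacking SNI. The function names `ua_lacks_sni` and `pick_scheme` are hypothetical and the User-Agent strings are constructed samples.

```php
<?php
// Added example: hypothetical helper names, constructed sample User-Agent strings.

/**
 * Return true when the User-Agent looks like Internet Explorer on a Windows
 * release listed above as older than Vista (NT 5.x) or on Windows 9x.
 */
function ua_lacks_sni(?string $ua): bool
{
    if ($ua === null || stripos($ua, 'MSIE') === false) {
        return false; // not IE, or no header at all: keep the secure default
    }
    // Windows NT major.minor; anything below 6.0 (Vista) is 2000/XP/2003.
    if (preg_match('/Windows NT (\d+)\.(\d+)/', $ua, $m)) {
        return (int) $m[1] < 6;
    }
    // Windows 95/98/ME tokens seen in old IE User-Agent strings.
    return (bool) preg_match('/Windows (95|98)|Win(95|98)|Win 9x/i', $ua);
}

/** Choose the link scheme: HTTPS whenever SSL is on and the client can send SNI. */
function pick_scheme(bool $ssl, ?string $ua): string
{
    return ($ssl && !ua_lacks_sni($ua)) ? 'https' : 'http';
}

// Constructed sample User-Agent strings, not captured traffic.
$samples = [
    'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
    'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)',
    'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)',
    'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
    'Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0',
    null,
];
foreach ($samples as $ua) {
    printf("%-5s %s\n", pick_scheme(true, $ua), $ua ?? '(no User-Agent header)');
}
```

The User-Agent header is client-supplied and easy to change, so treat the result as a compatibility hint for link generation only, never as an access-control decision.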

So what is SNI?

SNI stands for Server Name Indication, a TLS extension that allows multiple HTTPS sites to be hosted on the same IP address. This is similar to name-based virtual hosting in popular web servers for standard HTTP. The problem with HTTPS is that the Host: header in the HTTP request comes too late in the process to identify the host: the server has to choose a certificate during the TLS handshake, before any HTTP header is sent, which creates the need for SNI.

What is the problem with SNI?

SNI was not implemented at the same time as SSL and HTTPS, so support for it is uneven across server software and browser software. This is not the end of the world, however, as most if not all web server vendors now support this technology. The client side is a different story: SNI is supported if you have a recent browser and OS combination. The issue is that Microsoft browsers and operating systems seem to hang around for an insanely long time even after support has been dropped. I assume this has something to do with the practice of “if it ain’t broke, don’t fix it”.

The Solution

The case that I am presenting is that if you cannot fix this issue on your own servers within a suitable time frame, you can provide a quick fix which directs most users to HTTPS and allows standard HTTP for those whose browsers do not support SNI. This is not a best-case scenario and should be rectified ASAP; however, real-world circumstances usually prevail.


About ttessier

Professional Developer and Operator of SwhistleSoft

One Response to PHP SNI Switch for HTTPS WINXP IE

  1. gify says:

    The article you wrote is very good.
