Detecting browser's SNI support

Question

I would like to know if there is any way to find out if a browser making an HTTP request supports SNI, other than verifying the user agent and guessing.

I would consider server or client side options.

What I would like to do is set up SSL certificates for multiple domains pointing to the same PHP application. I would then try to find out if the client making the request supports SNI, and if so, redirect him to the SSL enabled version.

Answer 1

First, we know the browsers that currently support SNI:

Opera 8.0; MSIE 7.0 (but only on Windows Vista or higher); Firefox 2.0 and other browsers using Mozilla Platform rv:1.8.1; Safari 3.2.1 (Windows version supports SNI on Vista or higher); Chrome (Windows version supports SNI on Vista or higher, too).

so a cheap way is to determine the browser and if it is one of the above, it has SNI.

While this is not a best practice (preference to Feature Detection) it appears there no way to avoid it as SNI Detection requires a SSL handshake. Thus it is too late to do something after the fail of your SSL certificate.