Server Name Indication

Server Name Indication (SNI) is a TLS handshake mechanism in which the client submits the name of the desired host to the server. This mechanism is required if a server hosts several domains under the same IP address. This means that the server knows in advance which certificate it has to send to the client.

In TwinCAT, the HTTP client automatically sends the SNI in the ClientHello message. If the setting to skip the server certificate check (bNoServerCertCheck) is set, the SNI is not sent. This behavior occurs because, with this setting, the client will not check the server certificate anyway.

If the client does not send an SNI, a server typically responds in two ways. The TLS handshake will either abort with a Handshake Failure error or the client will send a default certificate.