Client Compatibility Issues

1 min read SSL/TLS & Certificates

Client Compatibility Issues

Legacy clients lacking SNI support receive default certificates, causing errors. Windows XP with Internet Explorer, Android 2.x, and old Java versions represent common incompatible clients. While these platforms decline in usage, enterprise environments may still require support.

Handle non-SNI clients:

# Detect non-SNI clients and redirect
map $ssl_server_name $sni_support {
    default 1;
    "" 0;
}

server {
    listen 443 ssl default_server;
    
    if ($sni_support = 0) {
        return 302 http://legacy.example.com$request_uri;
    }
    
    # Regular processing for SNI clients
}