Previously you required a new IP address every time you wanted to add an SSL domain. This meant each virtual host was bound to an individual IP and all encrypted traffic for that IP would be served by the vhost bound to the port
Example:
x.x.x.1 - domain1.com x.x.x.2 - domain2.com
This was not ideal, and a newer technique called SNI was introduced to allow multiple domains to be hosted on the same IP when using SSL.
Normally the “host” header for HTTP requests are send after the TCP handshake, but this won't work for SSL handshake as it would need to request the correct certificate from the server.
SNI inserts a “Host” header into the initial SSL handshake so that the server is abe to see the virtual domain it serves.
Only compatible browsers and webserver versions are able to do this. Around 98% of the clients requesting HTTPS support SNI now.
Example:
Apache 2.2.12 or higher, must use mod_ssl
Apache Tomcat on Java 7 or higher
Internet Explorer 7 or higher, on Windows Vista or newer. Does not work on Windows XP and Internet Explorer 8
Mozilla Firefox 2.0 or higher
Google Chrome (Windows Vista or newer, Windows XP requires Chrome 6 or higher, OS X 10.5.7 or newer requires Chrome 5.0.342.1 or higher)