by zeta0134 3417 days ago
I was under the impression that older clients wouldn't send the host header over HTTPS, making it impossible to determine the correct certificate to serve in a shared IP environment. Modern browsers all support SNI which prevents exactly this problem, but compromise by sending the hostname in plain text, which may be a privacy concern; this is something that's still up for debate: http://security.stackexchange.com/questions/86723/why-do-htt...

EDIT: I'm not sure what I was reading or who I was responding to. You mentioned this directly in your comment. Ignore my blathering, I'm tired. :)


They all send host headers over HTTPS (unless it's http2, because the protocol is different). But the host headers don't get sent until after the encrypted transport is fully set up. And to set up the encrypted transport, the server needs to send a certificate. So the server needs to send the certificate before it sees the host header. That's what SNI helps.
SNI doesn't work on Windows XP.

"Who still uses Windows XP?" I hear you ask.

Just under 10% of all users[1]. Enough to make SNI problematic. In a few years' time, we'll be OK, but not right now.

---

[1] https://www.netmarketshare.com/operating-system-market-share...

On Internet Explorer on Windows XP. Anyone on XP who uses Chrome or Firefox is just fine. If you are still using Internet Explorer on XP then you probably have other problems from all the malware that already installed itself on your computer.
Current versions of Chrome are no longer available for XP.

If you are still using XP it's probably because you have to, and do not have the knowledge to switch to something better. Ergo, it's highly possible that you are still using IE on XP as well, as you don't know any different, or cannot change it due to restrictions, or policy.

It's an accessibility thing. If I designed a new web system that blocked off 10% of the populace, for whatever reason (deaf, blind, not able-bodied), then people would call me out on it.

In the main, it's unlikely that anyone still using XP is doing so because they want to. Not everyone is privileged enough to have access to modern equipment.

  It's an accessibility thing. If I designed a new web system that
  blocked off 10% of the populace, for whatever reason (deaf, blind,
  not able-bodied), then people would call me out on it.
Rightly so, because that's a constraint that cannot be changed.

Running an outdated, decommissioned operating system is something that can be changed. You have no obligation, moral or otherwise, to support Windows 3.1, OS/2 Warp, WAP browsers, Gopher clients, or IE5 running on Mac OS 9.

You can still choose to support outdated clients, because it makes financial sense for your organisation - and many places do just that - just as a corporation running outdated software may choose not to update because that's what makes financial sense for them.

Equating support for an accessible service with support for outdated browsers is a non-starter.

> Not everyone is privileged enough to have access to modern equipment.

And there you go. If you can't be bothered to not use an ancient operating system, that's just too bad. I don't care about people running DOS either.

Luckily it is a lot easier to switch to a modern operating system than to replace nonfunctional parts of the human body.