But for me the biggest problem with adoption of SSL is still that every domain name needs its unique IPv4 address, and all problems that come with that, not registering or paying for the SSL certificate.
At work, I usually use virtual hosting for about 100 domains on one IP address. I don't see us buying an IPv4 address per domain and adding them to my NIC configuration one by one. Once we can safely ignore IPv4 and use IPv6 only it will probably become easier and cheaper.
SNI is fine for web browsing, but for end-points that need to be reachable by older versions of Python, Tomcat, Ruby and many proprietary apps, this will not suffice. This becomes a problem on business-to-business communications, automation, APIs, etc. For the general purpose websites, blogs, etc, SNI would be fine.
You're probably talking about really old versions of applications. I've been using SNI for half a decade without any issues.
Anything so old that does not support SNI probably still uses SSLv3, or maybe even SSLv2, so you really should be upgrading that ASAP, rather than keep supporting it.
If you take a look at the wiki article, there are some versions listed. Those are still in use. If our company forced people to use SNI, we would be out of business. There are TLS 1.0+ enabled apps that can't do SNI. Perhaps you and I are just in very different business models.
> But for me the biggest problem with adoption of SSL is still that every domain name needs its unique IPv4 address, and all problems that come with that, not registering or paying for the SSL certificate.
Only if you care about IE on Windows XP (which is no longer supported and no longer gets security updates) or Android phones more than 4 years old (2.3 Gingerbread and older). SNI works fine on other devices.
Have you measured? Do you have numbers for how many users you have running one of those two environments?
New phones are still being sold with Android 2.3 here [1] in Ecuador (which is ridiculous), so for some markets you do need to verify what your target audience uses before making assumptions like that.
With many platforms you can also use a Multi-Domain certificate to use one Certificate with one IP. Let's Encrypt will support Multi-Domain certificates.
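On the "Have you measured?" question above: one way to count clients that connect without SNI is to look for the server_name extension in each ClientHello. The following is an added example, not code from any commenter in this thread. It assumes the whole ClientHello arrives in a single TLS record, and the function names and sample host names are constructed for illustration.

```python
import struct

def build_client_hello(hostname=None):
    """Build a minimal single-record ClientHello (constructed sample input)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if hostname is not None:
        name = hostname.encode("ascii")
        sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # list_len, host_name type, name_len
        body += struct.pack("!HHH", len(sni) + 4, 0, len(sni)) + sni   # exts_len, ext type 0, ext_len
    hs = b"\x01" + len(body).to_bytes(3, "big") + body                 # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs           # record type 22 = handshake

def extract_sni(record):
    """Return the SNI host name, None if the client sent none; ValueError if malformed."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    end = 9 + int.from_bytes(record[6:9], "big")
    pos = 9 + 2 + 32                                  # skip client_version and random
    for width in (1, 2, 1):                           # session_id, cipher_suites, compression
        pos += width + int.from_bytes(record[pos:pos + width], "big")
    if end > len(record) or pos > end:
        raise ValueError("truncated ClientHello")
    if pos == end:
        return None                                   # no extensions block at all
    ext_end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    if ext_end > end:
        raise ValueError("extensions overrun handshake")
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        pos += 4
        if pos + ext_len > ext_end:
            raise ValueError("extension overruns block")
        if ext_type == 0:                             # server_name
            name_len = int.from_bytes(record[pos + 3:pos + 5], "big")
            if ext_len < 5 or record[pos + 2] != 0 or 5 + name_len > ext_len:
                raise ValueError("bad server_name extension")
            return record[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def sni_stats(records):
    """Count ClientHellos with SNI, without SNI, and unparseable ones."""
    stats = {"sni": 0, "no_sni": 0, "malformed": 0}
    for rec in records:
        try:
            stats["no_sni" if extract_sni(rec) is None else "sni"] += 1
        except ValueError:
            stats["malformed"] += 1
    return stats
```

Fed with the first record of each inbound connection, the `no_sni` share is the fraction of clients that would only ever see the default certificate on a shared IP address.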