
Why's this a problem related to SSL?



Without SNI, SSL works on an IP address level rather than a hostname level, just like HTTP/1.0 worked at the IP address level and HTTP/1.1 works at the hostname level with the Host header.

Read https://en.wikipedia.org/wiki/Server_Name_Indication for more info.


Sorry, I wasn't clear. I understand SNI and SSL without SNI.

What I'm not seeing is why it's a problem when a host such as DO doesn't allow multiple IP addresses on a single machine.

Is it because you may want to host multiple sites on that machine and use one IP address for SSL?

Oh, never mind. It's because you may want to support multiple SSL sites on the same box without requiring your clients support SNI. That makes sense.

We really need to just EOL everyone who has a browser without SNI. People like to say that there's still a lot of XP users out there but surely even a reasonable chunk of them are using Chrome or Firefox with SNI support, right?



