[ https://issues.jboss.org/browse/TEIID-3717?page=com.atlassian.jira.plugin... ] Van Halbert commented on TEIID-3717: ------------------------------------ An extension to SSL/TLS called Server Name Indication (SNI) addresses this issue by sending the name of the virtual host as part of the SSL/TLS negotiation. This enables the server to bind the correct virtual host early and present the browser with the certificate containing a CN matching that in the SNI header. This method also has far fewer complications associated with it as compared to TLS Upgrade or STARTTLS. The SNI extension is described in gross detail here. With SNI, you would have a sequence like: Client: (TLS Handshake) Hello, I support XYZ Encryption, and I am trying to connect to ‘access.mycompany.com‘. Server: (TLS Handshake) Hi There, Here is my Public Certificate, and lets use this encryption algorithm. Client: (TLS Handshake) Sounds good to me. Client: (Encrypted) HTTP Request Server: (Encrypted) HTTP Reply -- This message was sent by Atlassian JIRA (v6.4.11#64026)