SNI for multiple SSL certificates in Nginx - Time & Space Complexity

We want to understand how the time to handle SSL connections changes when using multiple certificates with SNI in nginx.

How does nginx manage multiple SSL certificates as the number of domains grows?

Analyze the time complexity of the following nginx configuration snippet using SNI.

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/ssl/example.com.crt;
    ssl_certificate_key /etc/ssl/example.com.key;
}

server {
    listen 443 ssl;
    server_name example.org;
    ssl_certificate /etc/ssl/example.org.crt;
    ssl_certificate_key /etc/ssl/example.org.key;
}

# ... more server blocks for other domains

This config uses SNI to serve different SSL certificates based on the requested domain.

Identify the loops, recursion, array traversals that repeat.

• Primary operation: nginx matches the requested domain against server blocks to select the correct SSL certificate.
• How many times: This matching happens once per new SSL connection during the handshake.

As the number of server blocks (domains) increases, nginx must check more entries to find the right certificate.

Input Size (n)	Approx. Operations
10	About 10 domain checks per connection
100	About 100 domain checks per connection
1000	About 1000 domain checks per connection

Pattern observation: The number of checks grows roughly in direct proportion to the number of configured domains.

Time Complexity: O(n)

This means the time to select the SSL certificate grows linearly with the number of domains configured.

[X] Wrong: "nginx instantly finds the right certificate no matter how many domains there are."

[OK] Correct: nginx checks server blocks one by one until it finds a match, so more domains mean more checks.

Understanding how nginx handles multiple SSL certificates helps you explain real-world server performance and scaling in interviews.

"What if nginx used a hash map to store domain-to-certificate mappings? How would the time complexity change?"