On 03/03/16 12:37, Sam Varshavchik wrote: >> Is there any possibility that SNI negotiation can take place when >> doing SSL handshakes with couriers daemons so that multiple SSL >> certificates can be used on the same IP? > > I haven't yet found the time to investigate what needs to be done >to support SNI with OpenSSL. OpenSSL's documentation was always > difficult to decipher overall, good examples are hard to come by.
Okay, close with GnuTLS but not OpenSSL so not completely out of the question, perhaps. It's just that now LetsEncrypt is becoming popular it will be super easy to add real certificates to any and all vhosts on a single server with a single IP. Would mail clients like Thunderbird need to understand SNI as well or would it be up to only the server daemon to present the right certificate? Might be a vaguely related example here... https://github.com/nginx/nginx/blob/master/src/http/ngx_http_request.c#L822 ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users