On 03/03/16 12:37, Sam Varshavchik wrote:
>> Is there any possibility that SNI negotiation can take place when
>> doing SSL handshakes with couriers daemons so that multiple SSL
>> certificates can be used on the same IP?
>
> I haven't yet found the time to investigate what needs to be done
>to support SNI with OpenSSL. OpenSSL's documentation was always
> difficult to decipher overall, good examples are hard to come by.

Okay, close with GnuTLS but not OpenSSL so not completely out of the
question, perhaps. It's just that now LetsEncrypt is becoming popular
it will be super easy to add real certificates to any and all vhosts
on a single server with a single IP.

Would mail clients like Thunderbird need to understand SNI as well
or would it be up to only the server daemon to present the right
certificate?

Might be a vaguely related example here...

https://github.com/nginx/nginx/blob/master/src/http/ngx_http_request.c#L822

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to