Mark Constable wrote: > > > > > > Would mail clients like Thunderbird need to understand SNI as > > > well > > > or would it be up to only the server daemon to present the right > > > certificate? > > Both. SNI is a protocol extension. Both the client and the server > > have to be explicitly coded to support it. > Thanks for the confirmation. According to this posting in 2011 the > author noted that Thunderbird does initiate the SSL handshake with > the hostname in plain text so it probably does do SNI. Promising. > > http://forums.mozillazine.org/viewtopic.php?f=39&t=2316281
I have used it and I confirm that thunderbird does support SNI and is able to interact correctly with courier. > I also found this reference so I'll give it a try, even though the > custom Debian packages I use most likely do not use GnuTLS. They don't. You will need to recompile the package using gnutls. Simply add --with-gnutls to COMMON_CONFOPTS in debian/rules and run dpkg-buildpackage (you will need the appropiate gnutls library and header files) I agree it would be nice to have two different packages providing courier-ssl in debian with the two crypto libraries. Even if you are only using the common subset of code,¹ it would be handy to have such option packaged for switching when new vulnerabilities are found (or going to be released). ¹ It's quite sad that their configurations aren't compatible, though. ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users