Mark Constable wrote:
> > > 
> > > Would mail clients like Thunderbird need to understand SNI as
> > > well
> > > or would it be up to only the server daemon to present the right
> > > certificate?
> > Both. SNI is a protocol extension. Both the client and the server
> > have to be explicitly coded to support it.
> Thanks for the confirmation. According to this posting in 2011 the
> author noted that Thunderbird does initiate the SSL handshake with
> the hostname in plain text so it probably does do SNI. Promising.
> 
> http://forums.mozillazine.org/viewtopic.php?f=39&t=2316281

I have used it and I confirm that thunderbird does support SNI and is
able to interact correctly with courier.


> I also found this reference so I'll give it a try, even though the
> custom Debian packages I use most likely do not use GnuTLS.

They don't. You will need to recompile the package using gnutls.

Simply add --with-gnutls to COMMON_CONFOPTS in debian/rules and run
dpkg-buildpackage (you will need the appropiate gnutls library and
header files)

I agree it would be nice to have two different packages providing
courier-ssl in debian with the two crypto libraries. Even if you are
only using the common subset of code,¹ it would be handy to have such
option packaged for switching when new vulnerabilities are found (or
going to be released).


¹ It's quite sad that their configurations aren't compatible, though.


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to