[
https://issues.apache.org/jira/browse/JAMES-4024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17832937#comment-17832937
]
Benoit Tellier commented on JAMES-4024:
---------------------------------------
Hello,
Technically it should be rather easy to overlad SSLHandler to achieve your
needs I bet - the protocol framework is supposed to allow for that.
However an implementation of SNI could land in James source tree.
Would you be motivated to contribute such a thing?
> Add support for SNI (separate certificate per domain)
> -----------------------------------------------------
>
> Key: JAMES-4024
> URL: https://issues.apache.org/jira/browse/JAMES-4024
> Project: James Server
> Issue Type: New Feature
> Components: protocols
> Affects Versions: 3.8.1
> Reporter: Amichai Rothman
> Priority: Major
>
> Currently it is only possible to configure one global certificate for all TLS
> communication of the entire server. However, many SMTP servers nowadays can
> be configured to validate that a certificate matches the (mx record) domain
> name when connecting to another SMTP server, and thus many SMTP servers also
> support SNI so they can serve up the proper certificate when receiving mail
> messages for multiple domains.
> James should also support SNI so it can work properly with secure
> configurations of all other SMTP servers, i.e. allow adding a separate
> certificate per supported domain(s), and support SNI to select the correct
> one per TLS connection. The existing global certificate can remain as
> fallback and to avoid breaking existing configurations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
