>>>>> "KA" == Kim Alvefur <[email protected]> writes:
KA> I was actually working on that the other day. Support for SNI doesn't
KA> make it easier if the SNI name does not match any local service names,
KA> only SRV targets, which could be anything.

The SRV target would be an A or AAAA name, that should be a hostname
which the target machine expects.

The goal is a single hostname for each TLS server, with one cert.

The service name is only supposed to be relevant iff (the DNS lookups
are not secure OR there is no TLSA).

-JimC
-- 
James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6
