Re: SNI support in SSL?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 03.07.2014 11:39, schrieb Tomasz Chmielewski:
> Does Cyrus support SNI (Server Name Indication) is SSL?
> 
> I couldn't find this info in Cyrus documentation.


from my last point of information cyrus doesn't provide SNI so far in 
the meaning of virtual TLS hosting.

The only thing i find is:

--- snip ---
#if (OPENSSL_VERSION_NUMBER >= 0x0090806fL)
static int servername_callback(SSL *ssl, int *ad 
__attribute__((unused)),
void *arg __attribute__((unused)))
{
     const char *servername = SSL_get_servername(ssl, 
TLSEXT_NAMETYPE_host_name);

     if (servername) {
syslog(LOG_DEBUG, "TLS Server Name Indication (SNI) Extension: \"%s\"",
servername);
     }

     return SSL_TLSEXT_ERR_OK;
}
#endif
--- snap ---

...seems to just check if the SNI TLS details from client are correct 
(if the openssl is new enough to provide "SNI"). This doesn't need any 
further configuration of cyrus.

SNI just makes sense if each client provides SNI too and this is afaik 
not the case for - compared to i.e. http - many mail clients.

But i'm still open to learn anything new about this...


Best regards,

Niels.
---
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux