SNI support in `mail` context (fixed formatting)

Denis Sh. denok at yandex.com
Mon Jul 6 18:42:41 UTC 2020


Yeah, It's 2020 after all :)

I think most modern mail client do support SNI and send server name in client hello.

So, Chris, you're saying that you successfully run Postfix and Dovecot that rely on SNI in production?
How bit is your user base, roughly?

Thanks

06.07.2020, 11:21, "Chris Adams" <linux at cmadams.net>:
> Once upon a time, Maxim Dounin <mdounin at mdounin.ru> said:
>>  Note though that in general there is no concept of name-based
>>  virtual hosts in mail protocols, and using name-based virtual
>>  hosts for SSL might not be a good idea either. Also, status of
>>  SNI support by email clients varies, and "unknown" in most cases
>>  (https://en.wikipedia.org/wiki/Comparison_of_email_clients).
>
> I'm pretty sure that list is out of date - I have Dovecot handling
> POP/IMAP for a bunch of domains with SNI and no user complaints. I'd
> lean towards the SNI column being ? because it's just not being checked.
>
> --
> Chris Adams <linux at cmadams.net>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


More information about the nginx mailing list