[Dovecot] TLS SNI with Dovecot

Reindl Harald h.reindl at thelounge.net
Mon Dec 23 00:15:12 EET 2013



On 22.12.2013 23:09, Gedalya wrote:
> On 12/22/2013 04:26 PM, Reindl Harald wrote:
>> forget it - SNI is relevant for webservers because different
>> vhosts with different contents, typically not for mailservers
>>
>> why do you start the burden of different certs instead
>> "mail.your-company.tld" and give that hostname to any user?
>>
> While it's true that there is no strictly technical benefit to SNI in IMAP, it can perhaps have benefits in terms
> of presentability.
> Hosted domain customers might want to be able to use their own certificates issued to them rather than using
> Subject Alternate Names etc, for purely cosmetic reasons.

hopefully they pay for that "cosmetic reasons" or leave technical things to techs
keep in mind that you need a certificate with each used domain as SAN (subject
alternative name) which means each time you host a new domain you need to change
the certificate - Thawte calculates 169,- per year and SAN - have fun :-)

then there are mail-clients - which of them do not support SNI, or in case
of mail clients which of them do support it properly and how is the
presentability in case of certificate warnings for the one which does not

169,- for cosmetic reasons - well, i would prefer a chiropody instead.....
