Any update on lazy load SNI?

Pierre Allétru pierre.alletru at gmail.com
Thu Nov 3 13:37:57 UTC 2022


Thank you for the information Joel, very helpful! We've started doing the
exact same thing actually, with good ol' ssl_certificate_by_lua, until we
realized this wouldn't work with STARTTLS/STLS.

We'd like that to work though and we can't seem to find a solution if
Dovecot can't smoothly handle SNI at scale.

--
Pierre Allétru
06 70 55 08 35
pierre.alletru at gmail.com

On Thu, 3 Nov 2022, 14:32, Joel A. Chornik <joel.chornik at gmail.com>
wrote:

> What we do is have openresty (nginx) sit as a reverse proxy on top of
> dovecot, and use lua to dynamically load certificates using sni.
>
> We have a large userbase (100k+) and it works without issues, except that it
> does not work with STARTTLS, only IMAP+TLS. Has not been an issue, as we
> set up users using autodiscover/autoconfig or as a fallback it is the
> default config in most user agents.
>
> Hope it helps
> Joel Chornik
>
> >
> > On 3 Nov 2022, at 10:24, Pierre Allétru <pierre.alletru at gmail.com>
> wrote:
> >
> > Pierre Allétru
>