[Dovecot] Proxying, pertinent values and features, SNI

Ed W lists at wildgooses.com
Wed Apr 3 13:13:41 EEST 2013


Hi

> I presume to best support all(?) clients out there is to have "local_name"
> sections for SNI first and then "local" sections for IP address based
> certs. It is my understanding that SNI needs to be requested by the
> client, so aside from client bugs (nah, those don't exist ^o^) every
> client should get an appropriate response for TLS.
> Has anybody done a setup like that already?
>

Although not what you asked for, just so you are aware, GoDaddy (boo 
hiss, etc) offer reasonably inexpensive multi subject alt name based 
certs.  This means you can have a single cert which is valid for lots of 
completely different domain names.  The mild benefit is that this 
doesn't require SNI support for SSL (which I'm unsure is supported by 
many mail clients?)

Although it's more expensive, I think it's a good solution (I'm using it 
for a small 5 domain installation)

Good luck

Ed W
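
Added example, not part of the original message or of Dovecot's own code: a Python check of which hosted names a client without SNI would reject when it receives the server's default certificate, comparing a multi-SAN certificate with a single-name one. The host names and sample certificates are constructed, and `uncovered_names`, `name_matches`, `san_dns_names` and `fetch_cert` are hypothetical helper names; `fetch_cert` assumes an implicit-TLS port such as 993 on your own server.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS entries from a cert dict in ssl.SSLSocket.getpeercert() format."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' is accepted only as the whole left-most label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as '*.org'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_names(cert, hosted_names):
    """Hosted names a client would reject if it is handed this cert."""
    sans = san_dns_names(cert)
    return [n for n in hosted_names if not any(name_matches(s, n) for s in sans)]


def fetch_cert(host, port=993, sni=None):
    """Fetch the cert from an implicit-TLS port; sni=None sends no SNI extension."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are checked above
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()


# Constructed sample certs (not taken from any real server).
MULTI_SAN = {"subjectAltName": (("DNS", "mail.example.org"),
                                ("DNS", "mail.example.net"),
                                ("DNS", "imap.example.com"))}
SINGLE = {"subjectAltName": (("DNS", "mail.example.org"),)}
HOSTED = ["mail.example.org", "mail.example.net", "imap.example.com"]

if __name__ == "__main__":
    print("multi-SAN default cert:", uncovered_names(MULTI_SAN, HOSTED))
    print("single-name default cert:", uncovered_names(SINGLE, HOSTED))
```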

