logging TLS SNI hostname

Arkadiusz Miśkiewicz arekm at maven.pl
Mon Oct 17 06:41:38 UTC 2016


On Monday 30 of May 2016, Arkadiusz Miśkiewicz wrote:
> Is there a way to log SNI hostname used in TLS session? Info is there in
> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to
> ssl_io->host.
> 
> Unfortunately I don't see it expanded to any variables (
> http://wiki.dovecot.org/Variables ). Please consider this to be a feature
> request.
> 
> The goal is to be able to see which hostname client used like:
> 
> May 30 08:21:19 xxx dovecot: pop3-login: Login: user=<abc>, method=PLAIN,
> rip=1.1.1.1, lip=2.2.2.2, mpid=17135, TLS, SNI=pop3.somehost.org,
> session=<hfS9Qwk03sBTBnrN>

Dear dovecot team, would be possible to add such variable ^^^^^ ?

That would be neat feature because server operator would know what hostname 
client uses to connect to server (which is really usefull in case of many 
hostnames pointing to single IP).

Thanks,
-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )


More information about the dovecot mailing list