On Sat, 12 Feb 2005, Uwe Menges wrote:
> Hello,
>
> I'd like to use TLS/SSL with cyrus' virtual domains, but have only one IP available. I'd also like not to set up two different ports.
>
> Is it possible to use different certificates for the different domains? If yes, how?
>
> The documentation mentions only [servicename]_tls_cert_file and [servicename]_tls_key_file but as already written I'd rather prefer a single port/service for cyrus.
>
> I'm using Debian/stable cyrus22 backport (2.2.10-1) with exim4 (4.34-9.backports.org.1).
>
> Yours, Uwe

My understanding based on my experiences with Apache is that this is not possible. The reason is because the SSL handshake between the client and server is done before any other communication. The server doesn't know which domain the client is trying to connect to, so it can't know which certificate to present.
In Apache, you must run on different IP addresses or different ports to use multiple certificates. I believe the same underlying reasons apply here as well.

Andy
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
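
The ordering described in the reply can be observed directly. As an added example (not part of the original thread), this Python sketch captures in memory the first bytes a TLS client emits and parses them; it assumes a client that is given no server name to send, and the function names are illustrative.

```python
import ssl
import struct


def client_first_flight():
    """Return the bytes a TLS client emits before it has received anything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption: the client has no server name to send. Hostname checking
    # must be off for that; no peer exists in this in-memory run anyway.
    ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=None)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for the server's reply
    return outgoing.read()


def parse_client_hello(data):
    """Parse the TLS record and ClientHello headers and list extension types."""
    rec_type, _version, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 2 + 32                                          # legacy_version + random
    pos += 1 + hello[pos]                                 # session_id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + hello[pos]                                 # compression_methods
    ext_end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    ext_types = []
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        ext_types.append(etype)
        pos += 4 + elen
    return {
        "record_type": rec_type,          # 22 = handshake record
        "handshake_type": hs_type,        # 1 = ClientHello
        "extensions": ext_types,
        "has_server_name": 0 in ext_types,  # extension type 0 = server_name
    }


if __name__ == "__main__":
    print(parse_client_hello(client_first_flight()))
```

The first thing on the wire is a handshake record carrying a ClientHello, with no application-protocol data before it, and for this client it contains no server name the server could use to choose a certificate.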