Re: SNI support in SSL?

2014-07-03 Thread Scott Lambert
First I have to appologize for not reading the original post closely enough. On Thu, Jul 03, 2014 at 07:01:05PM +0200, Tomasz Chmielewski wrote: > Thanks. > > I see something similar in documentation: > > http://cyrusimap.org/docs/cyrus-imapd/2.4.17/install-configure.php > > Optionally, y

Re: SNI support in SSL?

2014-07-03 Thread Tomasz Chmielewski
Thanks. I see something similar in documentation: http://cyrusimap.org/docs/cyrus-imapd/2.4.17/install-configure.php Optionally, you can use separate certificates and key files for each service: [servicename]_tls_cert_file: /var/imap/imap-server.pem [servicename]_tls_key_file

Re: SNI support in SSL?

2014-07-03 Thread Scott Lambert
On Thu, Jul 03, 2014 at 01:08:38PM +0200, Tomasz Chmielewski wrote: > I mean binding it to one IP, but being able to serve different SSL > certificates. > > I think with Cyrus, one needs Subject Alternative Names (SANs) > certificate for that. No, you can do it with seperate certs. It is done

Re: SNI support in SSL?

2014-07-03 Thread Tomasz Chmielewski
I mean binding it to one IP, but being able to serve different SSL certificates. I think with Cyrus, one needs Subject Alternative Names (SANs) certificate for that. -- Tomasz Chmielewski http://www.sslrack.com On 2014-07-03 12:50, Niels dettenbach wrote: > Am 03.07.2014 12:36, schrieb Tomas

Re: SNI support in SSL?

2014-07-03 Thread Niels dettenbach
Am 03.07.2014 12:36, schrieb Tomasz Chmielewski: > However, I don't see a way to set Cyrus to listen on one IP Binding cyrus daemons to specific IPs is possible (and even multiple IPs) within cyrus.conf: i.e. for IMAPs: one IP: imaps cmd="imapd -s" listen="my.host.ip:imaps" prefork=

Re: SNI support in SSL?

2014-07-03 Thread Tomasz Chmielewski
Hi, yes, from the code you've pasted, I see it is able to distinguish the server name. And indeed it works: openssl s_client -connect some-server:143 -starttls imap -servername some-domain Makes cyrus log: TLS Server Name Indication (SNI) Extension: "some-domain" So in a way, Cyrus is able

Re: SNI support in SSL?

2014-07-03 Thread Niels dettenbach
Am 03.07.2014 11:39, schrieb Tomasz Chmielewski: > Does Cyrus support SNI (Server Name Indication) is SSL? > > I couldn't find this info in Cyrus documentation. from my last point of information cyrus doesn't provide SNI so far in the meaning of virtual TLS hosting. The only thing i find is:

SNI support in SSL?

2014-07-03 Thread Tomasz Chmielewski
Does Cyrus support SNI (Server Name Indication) is SSL? I couldn't find this info in Cyrus documentation. -- Tomasz Chmielewski http://www.sslrack.com Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://li