Hello!
On Mon, Jul 06, 2020 at 03:55:05PM -0400, everhardt wrote:
> Thanks for your reply, Maxim! I'll work out an alternative then.
>
> Re. session resumption, I read in the OpenSSL docs
> (https://www.openssl.org/docs/man1.1.0/man3/SSL_get0_verified_chain.html)
> that OpenSSL is willing to st
Hello!
On Mon, Jul 06, 2020 at 12:08:50PM -0700, Denis Sh. wrote:
> Thanks Maxim, so
>
> > SNI server name as sent by the client can be passed to the
> > auth_http script if needed, along this other Auth-SSL* headers,
> > this should be simple enough.
>
> you mean with config or changing NGINX
Thanks for your reply, Maxim! I'll work out an alternative then.
Re. session resumption, I read in the OpenSSL docs
(https://www.openssl.org/docs/man1.1.0/man3/SSL_get0_verified_chain.html)
that OpenSSL is willing to store the chain longer than a single request, but
only if the implementing appli
Thanks Maxim, so
> SNI server name as sent by the client can be passed to the
> auth_http script if needed, along this other Auth-SSL* headers,
> this should be simple enough.
you mean with config or changing NGINX code?
> But we are yet to see use cases
> where this is needed
use case - having
Hello!
On Mon, Jul 06, 2020 at 11:07:56AM -0700, Denis Sh. wrote:
> Thank for your reply, Maxim. Sorry, I screwed with HTML formatting!
>
> What are the chances that you would look into adding these variable into
> mail module in upstream?
> Looks like it's not very hard to do. Or SNI for mai
Yeah, It's 2020 after all :)
I think most modern mail client do support SNI and send server name in client
hello.
So, Chris, you're saying that you successfully run Postfix and Dovecot that
rely on SNI in production?
How bit is your user base, roughly?
Thanks
06.07.2020, 11:21, "Chris Adams"
so, I think passtrhru AUTH IMAP and POP works out of the box now.
It's only SMTP that NGINX never even tries to AUTH against backed.
I wonder why this decision was taken?
06.07.2020, 11:27, "Chris Adams" :
> Once upon a time, Denis Sh. said:
>> Also, I wasn't able to find a reason why NGINX
Once upon a time, Denis Sh. said:
> Also, I wasn't able to find a reason why NGINX intentionally doesn't support
> passing thru the AUTH to the backend for SMTP, same as with IMAP/POP?
I looked at adding this, using ID for IMAP and XCLIENT for POP3 (what
Dovecot supports)... didn't get the time
Once upon a time, Maxim Dounin said:
> Note though that in general there is no concept of name-based
> virtual hosts in mail protocols, and using name-based virtual
> hosts for SSL might not be a good idea either. Also, status of
> SNI support by email clients varies, and "unknown" in most cas
Thank for your reply, Maxim. Sorry, I screwed with HTML formatting!
What are the chances that you would look into adding these variable into mail
module in upstream?
Looks like it's not very hard to do. Or SNI for mail is not considered to be a
real thing?
>>> But if the goal is to provide
>>
Thank for your reply, Maxim. What are the chances that you would look into adding these variable into mail module in upstream?Looks like it's not very hard to do. Or SNI for mail is not considered to be a real thing? >> But if the goal is to provide> different certificates to different names reques
Hello!
On Mon, Jul 06, 2020 at 10:17:31AM -0700, Denis Sh. wrote:
> So, when proxying SMTP/IMAP, is it possible to get the Server
> Name that mail clients send as a part of Client Hello?
Currently no.
> Similar to Embedded Variables for ngx_http_ssl_module:
> $ssl_server_name
> returns the ser
Hi!
So, when proxying SMTP/IMAP, is it possible to get the Server Name that mail
clients send as a part of Client Hello?
Similar to Embedded Variables for ngx_http_ssl_module:
$ssl_server_name
returns the server name requested through SNI (1.7.0);
I don't see these vars defined here
https://gi
Hi! So, when proxying SMTP/IMAP, is it possible to get the Server Name that mail clients send as a part of Client Hello? Similar to Embedded Variables for ngx_http_ssl_module:$ssl_server_namereturns the server name requested through SNI (1.7.0); Or should I use `stream` to proxy mail? What about ST
Hello!
On Sat, Jul 04, 2020 at 05:52:09AM -0400, everhardt wrote:
> I have the following certificate chain: Root certificate > Intermediate
> certificate > End user certificate.
>
> I've set up nginx as an SSL termination proxy for a backend service that
> differentiates it actions based on the
Hello,
Recently, we found if we use nginx slice module , and upstream server is
such as a static file server, nginx will response duplicated
`Accept-Ranges` headers if client request is not included range header.
the minimal config example as follow:
```
server {
listen
The problem appeared again and at the time of writing is still present and i
did not reboot the machine which will fix it.
The following are the commands i executed in order to get some info:
Basically this seems a problem with nginx and not a library issue:
first of all: is it running nginx?
[ro
17 matches
Mail list logo
