[BlueOnyx:23865] Re: Is dovecot's SNI support planned?

Tomohiro Hosaka bokutin at gmail.com
Thu May 21 08:14:54 -05 2020


I found the description of dane_tlsa_sni in
ftp://ftp.sendmail.org/pub/sendmail/snapshots/sendmail.8.16.0.48.tar.gz.

It may support it.

It may not be included in sendmail.8.16.0.41.tar.gz, so it may be a
recent change.

Sorry for posting again and again.

I want to calm down and investigate.

On Thu, May 21, 2020 at 21:42, Tomohiro Hosaka <bokutin at gmail.com> wrote:
>
> Hmmm, sendmail doesn't support SNI...
>
> I think bluequartz also changed qpopper to dovecot in the past.
> I wonder if sendmail will change...
>
> I just noticed that the sendmail.org page was gone.
>
> On Thu, May 21, 2020 at 16:22, Tomohiro Hosaka <bokutin at gmail.com> wrote:
> >
> > Hi,
> >
> > We are considering SNI support for dovecot for pops and imaps.
> >
> > Specifically, it can be done with the following code.
> >
> > # /etc/dovecot/conf.d/11-ssl-sni.conf
> > local_name system.fqdn {
> >     ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> >     ssl_key =  </etc/pki/dovecot/private/dovecot.pem
> > }
> > % for my $vsite_fqdn (@vsite) {
> > local_name $vsite_fqdn {
> >     ssl_cert = </usr/sausalito/acme/certs/$vsite_fqdn/$vsite_fqdn.cer
> >     ssl_key =  </usr/sausalito/acme/certs/$vsite_fqdn/$vsite_fqdn.key
> > }
> > % }
> >
> > Add this to /usr/sausalito/handlers/base/email/copy_certs.pl etc.
> > I think that it can be supported by inserting an appropriate hook in
> > /usr/sausalito/conf/base/email/email.conf.
> >
> > If SNI is not supported for pops and imaps, a hostname verification
> > failure will occur unless system.fqdn is specified.
> > I think it would be nicer if the owner of a vsite did not need to know
> > the system.fqdn.
> >
> > People have various likes and dislikes about the trend toward HTTPS
> > and Let's Encrypt, but the mobile environment around us and MUAs are
> > pressing us.
> >
> > Thanks,
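
The template quoted above interpolates each vsite FQDN straight into dovecot configuration. The following added example (not part of the original post and not BlueOnyx code) renders the same local_name blocks while rejecting names that are not plain hostnames and skipping vsites whose certificate or key file is missing. The file paths are the ones given in the post; the function names and the `readable` parameter are hypothetical.

```python
import os
import re

# Paths as given in the post; the function names below are hypothetical.
SYSTEM_CERT = "/etc/pki/dovecot/certs/dovecot.pem"
SYSTEM_KEY = "/etc/pki/dovecot/private/dovecot.pem"
ACME_DIR = "/usr/sausalito/acme/certs"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_safe_fqdn(name):
    """True only for plain hostnames, so a vsite name cannot inject
    braces, whitespace, '<' or path separators into the config."""
    if not isinstance(name, str) or not 0 < len(name) <= 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def block(fqdn, cert, key):
    return ("local_name %s {\n    ssl_cert = <%s\n    ssl_key = <%s\n}\n"
            % (fqdn, cert, key))


def render_sni_conf(system_fqdn, vsites, acme_dir=ACME_DIR,
                    readable=os.path.isfile):
    """Return (config_text, skipped). Vsites with unsafe names or missing
    cert/key files are skipped: dovecot rejects a config whose '<file'
    setting cannot be read, which would take mail down for every site."""
    if not is_safe_fqdn(system_fqdn):
        raise ValueError("unsafe system FQDN: %r" % (system_fqdn,))
    out = [block(system_fqdn, SYSTEM_CERT, SYSTEM_KEY)]
    seen, skipped = {system_fqdn.lower()}, []
    for fqdn in vsites:
        if not is_safe_fqdn(fqdn):
            skipped.append((fqdn, "unsafe name"))
            continue
        if fqdn.lower() in seen:  # hostnames are case-insensitive
            continue
        cert = os.path.join(acme_dir, fqdn, fqdn + ".cer")
        key = os.path.join(acme_dir, fqdn, fqdn + ".key")
        if not (readable(cert) and readable(key)):
            skipped.append((fqdn, "missing cert or key"))
            continue
        seen.add(fqdn.lower())
        out.append(block(fqdn, cert, key))
    return "".join(out), skipped
```

The `skipped` list is meant to be logged, so that a vsite left on the system certificate is visible to the administrator.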
