Hi folks,

We need to use SNI with Dovecot at a relatively large scale and I was wondering if there's any update on the ability to:

1 - Lazy load SNI certificates when they are needed instead of loading them all at once during startup/reload, thus taking a lot of memory and being very slow.
2 - Not having to reload Dovecot every time a new domain cert is added in conf.
3 - Or at least have Dovecot keep processing clients while the slow reload happens.

This has been asked already in a 2016 thread: https://www.dovecot.org/pipermail/dovecot/2016-November/106075.html.

Regarding point 3 there's a reply from Aki saying it was in the internal tasklist (https://www.dovecot.org/pipermail/dovecot/2016-November/106089.html).

Does anybody know if some progress has been made on these subjects? I can't find anything in the docs or any recent information anywhere else.

Thanks,

--
Pierre All?tru
06 70 55 08 35
pierre.alletru at gmail.com

What we do is have OpenResty (nginx) sit as a reverse proxy on top of Dovecot, and use Lua to dynamically load certificates using SNI.

We have a large userbase (100k+) and it works without issues, except that it does not work with STARTTLS, only IMAP+TLS. Has not been an issue, as we set up users using autodiscover/autoconfig or as a fallback it is the default config in most user agents.

Hope it helps

Joel Chornik

> On 3 Nov 2022, at 10:24, Pierre All?tru <pierre.alletru at gmail.com> wrote:
>
> Pierre All?tru
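
A sketch of the kind of setup described in the reply above, as an added example that is not the poster's configuration and not part of the original thread. It assumes an OpenResty build with the stream Lua module and lua-resty-core's `ngx.ssl`; the certificate directory layout, the shared dict name and the cache TTL are hypothetical.

```nginx
# Added example: TLS is terminated here and plaintext IMAP goes to Dovecot on loopback.
stream {
    lua_shared_dict sni_pem 10m;              # per-host PEM cache (hypothetical name)
    server {
        listen 993 ssl;                       # implicit TLS only; STARTTLS cannot pass through
        # Fallback pair: nginx needs one configured; served when no per-host cert loads.
        ssl_certificate     /etc/ssl/default/fullchain.pem;
        ssl_certificate_key /etc/ssl/default/privkey.pem;
        ssl_certificate_by_lua_block {
            local ssl = require "ngx.ssl"
            local name = ssl.server_name()
            if not name then return end       -- no SNI sent: keep fallback
            name = name:lower()
            -- SNI is client-controlled: hostname characters only, never a slash,
            -- before the value is used to build a file path.
            if #name > 253 or not name:find("^[a-z0-9][a-z0-9%.%-]*$") then
                return
            end

            local function slurp(path)
                local f = io.open(path, "rb")
                if not f then return nil end
                local data = f:read("*a")
                f:close()
                return data
            end
            local cache = ngx.shared.sni_pem
            local chain, key = cache:get(name .. ":chain"), cache:get(name .. ":key")
            if not chain or not key then
                local dir = "/etc/ssl/sni/" .. name          -- assumed layout
                chain, key = slurp(dir .. "/fullchain.pem"), slurp(dir .. "/privkey.pem")
                if not chain or not key then return end      -- unknown host: fallback
                -- Short TTL: new or renewed certs are picked up without a reload.
                cache:set(name .. ":chain", chain, 300)
                cache:set(name .. ":key", key, 300)
            end

            local cert, pkey = ssl.parse_pem_cert(chain), ssl.parse_pem_priv_key(key)
            if not cert or not pkey then
                ngx.log(ngx.ERR, "unparseable cert or key for ", name)
                return
            end
            ssl.clear_certs()
            if not ssl.set_cert(cert) or not ssl.set_priv_key(pkey) then
                return ngx.exit(ngx.ERROR)    -- abort handshake instead of serving a mismatch
            end
        }
        proxy_pass 127.0.0.1:143;             # plaintext IMAP to Dovecot on loopback
    }
}
```

With this layout Dovecot sees every client as 127.0.0.1, so per-IP logging and throttling need the real address passed through, for example nginx `proxy_protocol on;` together with a Dovecot listener using `haproxy = yes` and `haproxy_trusted_networks`.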