Displaying 20 results from an estimated 2000 matches similar to: "lazy-load SNI?"
2016 Nov 11
3
lazy-load SNI?
On 11.11.2016 12:22, Arkadiusz Miśkiewicz wrote:
> On Friday 11 of November 2016, Felipe Gasper wrote:
>> Hello,
>>
>> We're rolling out large SNI deployments for our mail servers. Each domain
>> gets an entry like this in the config:
>>
>> local_name mail.foo.com {
>> ssl_cert = </ssl/domain_tls/*.foo.com/combined
>> ssl_key =
2016 Nov 11
1
lazy-load SNI?
> On November 11, 2016 at 12:22 PM Arkadiusz Miśkiewicz <arekm at maven.pl> wrote:
>
>
> On Friday 11 of November 2016, Felipe Gasper wrote:
> > Hello,
> >
> > We're rolling out large SNI deployments for our mail servers. Each domain
> > gets an entry like this in the config:
> >
> > local_name mail.foo.com {
> > ssl_cert =
2016 Nov 11
0
lazy-load SNI?
On Friday 11 of November 2016, Felipe Gasper wrote:
> Hello,
>
> We're rolling out large SNI deployments for our mail servers. Each domain
> gets an entry like this in the config:
>
> local_name mail.foo.com {
> ssl_cert = </ssl/domain_tls/*.foo.com/combined
> ssl_key = </ssl/domain_tls/*.foo.com/combined
> }
Lack of glob/regexp support here is also a
2016 Nov 11
2
lazy-load SNI?
On 11.11.2016 19:17, Arkadiusz Miśkiewicz wrote:
> On Friday 11 of November 2016, Aki Tuomi wrote:
>
>> If you are interested in testing, please find patch attached that allows
>> you to specify
>>
>> local_name *.foo.bar {
>> }
>>
>> or
>>
>> local_name *.*.foo.bar {
>> }
>>
>> so basically you can now use certificate
2016 Oct 20
2
logging TLS SNI hostname
On 18.10.2016 14:16, Arkadiusz Miśkiewicz wrote:
> On Monday 17 of October 2016, KT Walrus wrote:
>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Miśkiewicz <arekm at maven.pl> wrote:
>>>
>>> On Monday 30 of May 2016, Arkadiusz Miśkiewicz wrote:
>>>> Is there a way to log SNI hostname used in TLS session? Info is there in
>>>>
2016 Oct 20
2
logging TLS SNI hostname
On 20.10.2016 15:41, Arkadiusz Miśkiewicz wrote:
> On Thursday 20 of October 2016, Aki Tuomi wrote:
>> On 18.10.2016 14:16, Arkadiusz Miśkiewicz wrote:
>>> On Monday 17 of October 2016, KT Walrus wrote:
>>>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Miśkiewicz <arekm at maven.pl>
>>>>> wrote:
>>>>>
>>>>> On Monday 30
2016 Oct 17
2
logging TLS SNI hostname
> On Oct 17, 2016, at 2:41 AM, Arkadiusz Miśkiewicz <arekm at maven.pl> wrote:
>
> On Monday 30 of May 2016, Arkadiusz Miśkiewicz wrote:
>> Is there a way to log SNI hostname used in TLS session? Info is there in
>> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to
>> ssl_io->host.
>>
>> Unfortunately I don't see it expanded to any
2016 Oct 20
4
logging TLS SNI hostname
On 20.10.2016 15:52, Arkadiusz Miśkiewicz wrote:
> > ... -servername something
If you want to try out, try applying this patch...
>From 066edb5e5c14a05c90e9ae63f0b76fcfd9c1149e Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: Thu, 20 Oct 2016 16:06:27 +0300
Subject: [PATCH] login-common: Include local_name in login_var_expand_table
This way it can be used
2018 Mar 19
3
v2.2.35 released
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
- charset_alias: compile fails with Solaris Studio, reported by
  John Woods.
- Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
- imapc: Don't try to add mails to index if they already exist there.
- imapc: If email is modified in
2018 Aug 29
3
SNI Dovecot
Hi all,
I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains.
I'm using letsencrypt certificates.
On the 10-ssl.conf, when I only use one domain, like this, it works :
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key =
2018 Mar 21
1
v2.2.35 released
On Wednesday 21 of March 2018, Arkadiusz Miśkiewicz wrote:
> On Monday 19 of March 2018, Aki Tuomi wrote:
> > https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
> > https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
>
> [...]
>
> > - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
>
> That change broke handling of such
2016 Dec 01
1
Multiple names in local_name for UCC certificates (was lazy-load SNI?)
Thank you, we'll start looking at this.
Aki
On 01.12.2016 09:44, J. Nick Koston wrote:
> Hi Aki & Felipe,
>
> Attached is an implementation of supporting multiple domains in local_name.
>
> Example
>
> local_name "mail.domain.tld domain.tld mx.domain.tld" { ... }
>
> This can significantly reduce memory usage when using
> a UCC certificate with
2016 Nov 11
2
lazy-load SNI?
>>>
>>> Great! Seems to be working fine for my usage and makes my configs 50%
>>> smaller (which is gigantic improvement). Will do more testing though.
>>>
>>> Thanks!
>>>
>>>
A little bit offtopic, but what is the point of using imap/pop SNI? All
clients want to connect to their own domain or what?
--
Kaspars
2019 Sep 13
2
Multiple certificate option SNI
Hi
I have some problem with SNI and dovecot 2.2.36.4
Server debian 9.x and dovecot-2.2.36.4
default server ssl cert is a wildcard like *.domain.com (digicert)
ssl_ca = /var/control/cert.pem
ssl_cert = </var/control/cert.pem
I added for test another domain (in dns too) for another ssl (letsencrypt)
from https://wiki.dovecot.org/SSL/DovecotConfiguration
like:
local_name
2016 Jun 21
2
Pluggable SNI?
Hello,
How feasible would it be to have a "pluggable" Dovecot setup that would permit arbitrary logic for fetching TLS/SNI certificates and key, rather than having to hard-code each domain's resources in a configuration file?
A couple scenarios that I envision such a framework being able to accommodate:
1) An internal TLS service that accepts queries via a UNIX socket by domain name and
2013 Apr 03
2
Proxying, pertinent values and features, SNI
Hello,
I'm looking into deploying dovecot as a proxy, currently using perdition.
Have been using dovecot on the actual servers for years, nearly a decade.
So far just 1.x, but for the proxy it will have to be 2.x (2.1.7 is the
current Debian version), as the trigger for this change is the need to
support multiple SSL certificates.
All that happens on the proxy seems to be handled by the
2016 Oct 26
2
multiple SSL certificates story
Hi.
Little story :-)
I'm playing with dovecot 2.2.25 and multiple SSL certificates. ~7000 certificates
which are loaded twice, so my dovecot has ~14 000 certificate pairs
(14k key + 14k cert) in config.
14 000 local_name entries. Like these:
local_name imap.example.com {
ssl_cert = </etc/certs/cert1.pem
ssl_key = </etc/certs/cert1.pem
}
local_name pop3.example.com {
ssl_cert =
2018 Jul 20
2
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
Hi,
I recognised some funny behaviour on my server. IMAP clients which
won't send a Server Name Indication (SNI) sometimes get the wrong
certificate. I would expect that those clients always get the default
certificate (of my new domain), instead in about 20 to 50% of
connections the certificate of my old domain will be presented.
(sample rate was 3 times 30 connections)
Clients sending SNI
2016 May 30
2
logging TLS SNI hostname
Is there a way to log SNI hostname used in TLS session? Info is there in
SSL_CTX_set_tlsext_servername_callback, dovecot copies it to
ssl_io->host.
Unfortunately I don't see it expanded to any variables (
http://wiki.dovecot.org/Variables ). Please consider this to be a feature
request.
The goal is to be able to see which hostname client used like:
May 30 08:21:19 xxx dovecot: