Welcome! Log In Create A New Profile

Advanced

Mail proxy with SNI

March 29, 2013 05:30PM
Hi,

I would like to use nginx 1.2.1 with TLS SNI support to proxy SMTP submission for several different domains over SSL. I would expect that if I configure multiple servers with different server names that a TLS v1 client will select the correct one through SNI. However I always get the first certificate regardless of the hostname specified in ClientHello.

Is there something wrong with my config?

mail {
auth_http 127.0.0.1/auth.php;

smtp_auth login plain;
smtp_capabilities "SIZE 10240000" "VRFY" "ETRN" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";

server {
listen 587;
server_name domain1.nl;
protocol smtp;
proxy on;
starttls only;
ssl_certificate /etc/nginx/ssl/domain1.crt;
ssl_certificate_key /etc/nginx/ssl/domain1.key;
}

server {
listen 587;
server_name domain2.com;
protocol smtp;
proxy on;
starttls only;
ssl_certificate /etc/nginx/ssl/domain2.crt;
ssl_certificate_key /etc/nginx/ssl/domain2.key;
}

}
SubjectAuthorPosted

Mail proxy with SNI

lblankersMarch 29, 2013 05:30PM

Re: Mail proxy with SNI

Valentin V. BartenevMarch 29, 2013 06:26PM

Re: Mail proxy with SNI

Phil PennockMarch 29, 2013 08:14PM

Re: Mail proxy with SNI

lblankersMarch 30, 2013 04:33AM

Re: Mail proxy with SNI

Jonathan MatthewsMarch 30, 2013 09:00AM

RE: Mail proxy with SNI

Lukas TribusMarch 30, 2013 09:58AM

Re: RE: Mail proxy with SNI

lblankersMarch 30, 2013 12:05PM

Re: RE: Mail proxy with SNI

salsajMay 15, 2014 11:23AM

Re: RE: Mail proxy with SNI

Maxim DouninMay 15, 2014 12:36PM

Re: Mail proxy with SNI

Sven KöhlerNovember 07, 2014 08:02PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 120
Record Number of Users: 5 on November 26, 2014
Record Number of Guests: 173 on November 26, 2014
Powered by nginx    Powered by FreeBSD    PHP Powered    Powered by Percona     ipv6 ready