On March 29, 2013 08:14PM Phil Pennock wrote:
> On 2013-03-30 at 02:24 +0400, Valentin V. Bartenev wrote:
> > On Saturday 30 March 2013 01:30:21 lblankers wrote:
> > > I would like to use nginx 1.2.1 with TLS SNI support to proxy SMTP
> > > submission for several different domains over SSL. I would expect that if I
> > > configure multiple servers with different server names that a TLS v1 client
> > > will select the correct one through SNI. However I always get the first
> > > certificate regardless of the hostname specified in ClientHello.
> > >
> > > Is there something wrong with my config?
> > >
> >
> > The problem is that TLS SNI currently is not supported in mail proxy.
>
> If someone needs TLS SNI with SMTP right now, Exim supports this. It's
> not designed to be as scalable as nginx in performance, but it does okay
> for most folks' purposes.
Thanks for clearing that up. I would prefer to use nginx rather than switch
to Exim because I would like to use nginx to proxy IMAP using SSL SNI
as well. Would it be possible to add SNI to the mail proxy?
I am doing this as a hobby project rather than professionally so getting
multiple IPs in order to host multiple domains is prohibitively expensive.
Both in one time cost (~ € 100) and recurring cost (€ 2.50 / month / IP).
So if someone could suggest a cheaper solution (e.g. sponsoring a
developer to add this feature) I would very much appreciate that.
Laurens