mutt-kz/README.tls-sni at master · karelzak/mutt-kz · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
TLS-SNI Patch
=============

    Negotiate with a server for a TSL/SSL certificate

Patch
-----

    To check if Mutt supports "TLS-SNI", look for "patch-tls-sni" in the mutt
    version.

    Dependencies
    * mutt-1.5.24
    * OpenSSL

Introduction
------------

    The "TLS-SNI" patch adds support for TLS virtual hosting. If your mail
    server doesn't support this everything will still work normally.

    TLS supports sending the expected server hostname during the handshake, via
    the SNI extension. This can be used to select a server certificate to issue
    to the client, permitting virtual-hosting without requiring multiple IP
    addresses.

    This has been tested against Exim 4.80, which optionally logs SNI and can
    perform vhosting.

    To verify TLS SNI support by a server, you can use:

        openssl s_client -host <imap server> -port <port> -tls1 -servername
    <imap server>

See Also
--------

    * NeoMutt project

Known Bugs
----------

    None

Credits
-------

    * Jeremy Katz <katzj@linuxpower.org>
    * Phil Pennock <mutt-dev@spodhuis.demon.nl>
    * Richard Russon <rich@flatcap.org>