SNI support in SSL?

Niels dettenbach nd at
Thu Jul 3 05:54:22 EDT 2014

Am 03.07.2014 11:39, schrieb Tomasz Chmielewski:
> Does Cyrus support SNI (Server Name Indication) is SSL?
> I couldn't find this info in Cyrus documentation.

from my last point of information cyrus doesn't provide SNI so far in 
the meaning of virtual TLS hosting.

The only thing i find is:

--- snip ---
#if (OPENSSL_VERSION_NUMBER >= 0x0090806fL)
static int servername_callback(SSL *ssl, int *ad 
void *arg __attribute__((unused)))
     const char *servername = SSL_get_servername(ssl, 

     if (servername) {
syslog(LOG_DEBUG, "TLS Server Name Indication (SNI) Extension: \"%s\"",

     return SSL_TLSEXT_ERR_OK;
--- snap ---

...seems to just check if the SNI TLS details from client are correct 
(if the openssl is new enough to provide "SNI"). This doesn't need any 
further configuration of cyrus.

SNI just makes sense if each client provides SNI too and this is afaik 
not the case for - compared to i.e. http - many mail clients.

But i'm still open to learn anything new about this...

Best regards,

Niels Dettenbach
Syndicat IT&Internet

More information about the Info-cyrus mailing list