> On 23/05/2025 18:01 EEST Damian via dovecot <dovecot@dovecot.org> wrote:
> 
>  
> On 2025-05-23 12:57, Aki Tuomi via dovecot wrote:
> > 
> > It should work if you send cn, that should be supported. Are you sure you 
> > are sending SNI in your testing? e.g. with openssl you need to use 
> > -servername foobar to actually send SNI.
> > 
> > Aki
> 
> Thanks. Yeah I am sure. I am filtering by SNI on haproxy. My mail client 
> is properly using SNI in TLS. Just confirmed it with wireshark:
> 
> Extension: server_name (len=17)
>      Type: server_name (0)
>      Length: 17
>      Server Name Indication extension
>          Server Name list length: 15
>          Server Name Type: host_name (0)
>          Server Name length: 12
>          Server Name: secret
> 
> Also on server I see PROXY V2 packets. I set haproxy to send authority 
> TLV (which contains SNI value used by client) and it seems dovecot still 
> does not make use of it.
> 
> TLV: (t=2,l=12) AUTHORITY
>      Type: AUTHORITY (0x02)
>      Length: 12
>      Value: secret
> 
> 
> So it seems it is not supported by dovecot or it is a bug. What do you 
> think? Could you confirm that TLV AUTHORITY is supported by dovecot and 
> this should work for sure? If this is a bug where should I report it?
> 
> DK

Hi!

It should work, I'll open a ticket about this.

Aki
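
One way to check on the backend side whether the AUTHORITY TLV discussed in this thread is present in a PROXY v2 header. This is an added example, not part of the original messages and not Dovecot or HAProxy code; the sample header, the addresses and the name mail.example are constructed.

```python
import socket
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"       # fixed 12-byte PROXY v2 signature
PP2_TYPE_AUTHORITY = 0x02                   # TLV type shown in the capture above
ADDR_LEN = {0x0: 0, 0x1: 12, 0x2: 36, 0x3: 216}  # UNSPEC, INET, INET6, UNIX


def parse_tlvs(header):
    """Return {tlv_type: value} for the TLVs in one PROXY v2 header."""
    if len(header) < 16 or header[:12] != SIGNATURE:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", header[12:16])
    body = header[16:16 + length]
    if ver_cmd >> 4 != 2 or len(body) != length:
        raise ValueError("wrong version or truncated header")
    pos = ADDR_LEN.get(fam_proto >> 4)      # TLVs start after the address block
    if pos is None or pos > length:
        raise ValueError("bad address family or address block")
    tlvs = {}
    while pos < length:
        if pos + 3 > length:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!BH", body[pos:pos + 3])
        pos += 3
        if pos + tlv_len > length:          # never read past the declared length
            raise ValueError("TLV value overruns header")
        tlvs[tlv_type] = body[pos:pos + tlv_len]
        pos += tlv_len
    return tlvs


def authority(header):
    """Return the AUTHORITY TLV as text, or None if the proxy did not send it."""
    value = parse_tlvs(header).get(PP2_TYPE_AUTHORITY)
    return value.decode("ascii") if value is not None else None


def build_sample(sni):
    """Constructed TCP/IPv4 PROXY v2 header, optionally with an AUTHORITY TLV."""
    addr = (socket.inet_aton("192.0.2.10") + socket.inet_aton("192.0.2.20")
            + struct.pack("!HH", 50000, 993))
    tlv = b""
    if sni is not None:
        tlv = struct.pack("!BH", PP2_TYPE_AUTHORITY, len(sni)) + sni.encode("ascii")
    body = addr + tlv
    return SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body
```

Feeding it the first bytes captured on the backend listener separates "the proxy did not send the TLV" from "the TLV arrived but was not used".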
