On Fri, Nov 07, 2014 at 12:35:01AM +0200, Sven K?hler wrote:
> I'd like to use Thunderbird (which seems to support SNI) together with
> Postfix on port 587 (submission only) and I'd like Postfix to choose
> from several (below 10) certificates based on the indicated server name.
>
> I don't have the option to buy one IP per hostname that I want to
> support. As we all know, IPv4 addresses are expensive as they are not
> many of them left.
If certificates with a subjectAltName are not an option, you can
use a different port for each certificate domain.
There are at present no plans for server-side SNI support in Postfix.
OpenSSL does not even implement server-side SNI completely correctly
as yet.
--
Viktor.
