On Mon, Dec 14, 2015 at 04:34:58PM +0000, Viktor Dukhovni wrote:

> So, we've managed to hold off on offering SNI support for a decade
> since TLS was integrated into Postfix 2.2. I just wanted to see
> whether anyone still wanted it in Postfix, but perhaps if they
> really did they've moved on to other solutions.

So far I'm not sensing any burning desire for server-side SNI in
Postfix, and it is quite late in the 3.1 cycle, so if we're going
to do SNI, it'll be in 3.2 or later.

At present, the Postfix SMTP client only sends SNI with DANE, where
it is clear what name to ask for (the TLSA base domain). With
"verify" and "secure" it is far from clear that sending SNI would
do more good than harm, and we match multiple names or name patterns,
so the choice of what to send in SNI is not so clear.

I think we're set for now with Postfix as-is.

--
Viktor.