You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2024/04/01 19:39:00 UTC

[jira] [Commented] (JAMES-4024) Add support for SNI (separate certificate per domain)

    [ https://issues.apache.org/jira/browse/JAMES-4024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17832937#comment-17832937 ] 

Benoit Tellier commented on JAMES-4024:
---------------------------------------

Hello,

Technically it should be rather easy to overlad SSLHandler to achieve your needs I bet - the protocol framework is supposed to allow for that.

However an implementation of SNI could land in James source tree.

Would you be motivated to contribute such a thing?



> Add support for SNI (separate certificate per domain)
> -----------------------------------------------------
>
>                 Key: JAMES-4024
>                 URL: https://issues.apache.org/jira/browse/JAMES-4024
>             Project: James Server
>          Issue Type: New Feature
>          Components: protocols
>    Affects Versions: 3.8.1
>            Reporter: Amichai Rothman
>            Priority: Major
>
> Currently it is only possible to configure one global certificate for all TLS communication of the entire server. However, many SMTP servers nowadays can be configured to validate that a certificate matches the (mx record) domain name when connecting to another SMTP server, and thus many SMTP servers also support SNI so they can serve up the proper certificate when receiving mail messages for multiple domains.
> James should also support SNI so it can work properly with secure configurations of all other SMTP servers, i.e. allow adding a separate certificate per supported domain(s), and support SNI to select the correct one per TLS connection. The existing global certificate can remain as fallback and to avoid breaking existing configurations.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org