TLS-SNI Feature

Negotiate with a server for a TLS/SSL certificate

1. Support

Since: NeoMutt 2016-03-07

Dependencies:

OpenSSL

2. Introduction

The TLS-SNI feature adds support for TLS virtual hosting. If your mail server doesn't support this everything will still work normally.

TLS supports sending the expected server hostname during the handshake, via the SNI extension. This can be used to select a server certificate to issue to the client, permitting virtual-hosting without requiring multiple IP addresses.

This has been tested against Exim 4.80, which optionally logs SNI and can perform vhosting.

To verify TLS SNI support by a server, you can use:

openssl s_client -host <imap server> -port <port> -tls1 -servername <imap server>

3. Known Bugs

None

4. Credits