starttls-everywhere icon indicating copy to clipboard operation
starttls-everywhere copied to clipboard
verified publisher icon EFForg

SNI not support :(

Open suffixbabai opened this issue 5 years ago • 2 comments

The check "babai.ru" show:

Failure: Name in cert doesn't match hostname: x509: certificate is valid for localhost, not mail.babai.ru

But new version openssl, testssl.sh, sslyze immuniweb test show valid thawte certificate:

https://www.immuniweb.com/ssl/?id=WxGZsI4I

suffixbabai avatar Mar 07 '20 22:03 suffixbabai

I can confirm this, and it is especially an issue for servers hosting emails for several domains.

ArchangeGabriel avatar Apr 06 '20 13:04 ArchangeGabriel

You need to enable SNI support by either setting smtp_tls_servername to hostname or add servername=hostname for the relevant hots in the tls_policy map file.

klausenbusk avatar Jul 28 '20 09:07 klausenbusk