Dear Users,
I'd like the next version of stunnel to support server-side Server Name Indication: https://secure.wikimedia.org/wikipedia/en/wiki/Server_Name_Indication
The new service-level stunnel.conf option would be: sni = <master service>:<sni host>
For example:
[virtual]
accept = 443
; settings for clients that didn't send an SNI extension
cert = default.pem
connect = default.internal.mydomain.com:80

[sni1]
; notice that "sni" option is used instead of "accept"
sni = virtual:server1.mydomain.com
cert = server1.pem
connect = server1.internal.mydomain.com:80

[sni2]
sni = virtual:server2.mydomain.com
cert = server2.pem
connect = server2.internal.mydomain.com:80
; other service-level options may be specified here
verify = 3
CAfile = server2-allowed-clients.pem

[sni3]
sni = virtual:server3.mydomain.com
cert = server3.pem
connect = server3.internal.mydomain.com:80
I would appreciate your comments on the user interface I designed for this functionality.
Best regards,
Michal Trojnara