[stunnel-users] Server-side SNI support

Michal Trojnara Michal.Trojnara at mirt.net
Sat Jun 18 07:05:02 CEST 2011


Dear Users,

I'd like the next version of stunnel to support server-side Server  
Name Indication:
https://secure.wikimedia.org/wikipedia/en/wiki/Server_Name_Indication

The new service-level stunnel.conf option would be:
sni = <master service>:<sni host>

For example:

[virtual]
accept = 443
; settings for clients that didn't send an SNI extension
cert = default.pem
connect = default.internal.mydomain.com:80

[sni1]
; notice that "sni" option is used instead of "accept"
sni = virtual:server1.mydomain.com
cert = server1.pem
connect = server1.internal.mydomain.com:80

[sni2]
sni = virtual:server2.mydomain.com
cert = server2.pem
connect = server2.internal.mydomain.com:80
; other service-level options may be specified here
verify = 3
CAfile = server2-allowed-clients.pem

[sni3]
sni = virtual:server3.mydomain.com
cert = server3.pem
connect = server3.internal.mydomain.com:80

I would appreciate your comments on the user interface I designed for  
this functionality.

Best regards,
	Michal Trojnara
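
An added example, not part of the original message and not stunnel's own code: a small Python model of the proposed option that parses a config like the one above (abridged here as a constructed sample), checks that every "sni" section points at a master service with "accept", and picks the section for a given server name. The function names are hypothetical; exact, case-insensitive host matching and falling back to the master section for unknown names are assumptions the message does not state.

```python
# Added illustration of the proposed "sni = <master service>:<sni host>" option.
# Assumed (not in the post): exact case-insensitive match; unknown names use the master.
SAMPLE_CONF = """\
[virtual]
accept = 443
cert = default.pem
connect = default.internal.mydomain.com:80
[sni1]
sni = virtual:server1.mydomain.com
cert = server1.pem
connect = server1.internal.mydomain.com:80
[sni2]
sni = virtual:server2.mydomain.com
cert = server2.pem
connect = server2.internal.mydomain.com:80
verify = 3
CAfile = server2-allowed-clients.pem
"""

def parse_services(text):
    """Parse stunnel.conf-style text into {service: {option: value}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return services

def build_sni_table(services):
    """Map each master service to {sni host: slave service}; reject bad references."""
    table = {}
    for name, opts in services.items():
        if "sni" not in opts:
            continue
        master, _, host = opts["sni"].partition(":")
        if "accept" not in services.get(master, {}):
            raise ValueError(f"[{name}] names master '{master}' without an accept option")
        if not host or host.lower() in table.setdefault(master, {}):
            raise ValueError(f"[{name}] has an empty or duplicate SNI host")
        table[master][host.lower()] = name
    return table

def select_service(table, master, server_name):
    """Pick the section for a ClientHello server name (None means no SNI was sent)."""
    return table.get(master, {}).get((server_name or "").lower(), master)
```

In this model a client that sends no SNI extension is handled by [virtual], so options set only in a slave section, such as "verify = 3" in [sni2], do not apply to it.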