[stunnel-users] Server-side SNI support
Michal Trojnara
Michal.Trojnara at mirt.net
Sat Jun 18 07:05:02 CEST 2011
Dear Users,

I'd like the next version of stunnel to support server-side Server
Name Indication:
https://secure.wikimedia.org/wikipedia/en/wiki/Server_Name_Indication

The new service-level stunnel.conf option would be:

sni = <master service>:<sni host>

For example:

[virtual]
accept = 443
; settings for clients that didn't send an SNI extension
cert = default.pem
connect = default.internal.mydomain.com:80

[sni1]
; notice that "sni" option is used instead of "accept"
sni = virtual:server1.mydomain.com
cert = server1.pem
connect = server1.internal.mydomain.com:80

[sni2]
sni = virtual:server2.mydomain.com
cert = server2.pem
connect = server2.internal.mydomain.com:80
; other service-level options may be specified here
verify = 3
CAfile = server2-allowed-clients.pem

[sni3]
sni = virtual:server3.mydomain.com
cert = server3.pem
connect = server3.internal.mydomain.com:80

I would appreciate your comments on the user interface I designed for
this functionality.

Best regards,
Michal Trojnara