--- /dev/null
+TLS-SNI Patch
+=============
+
+ Negotiate with a server for a TSL/SSL certificate
+
+Patch
+-----
+
+ To check if Mutt supports "TLS-SNI", look for "patch-tls-sni" in the mutt
+ version.
+
+ Dependencies
+ * mutt-1.5.24
+ * OpenSSL
+
+Introduction
+------------
+
+ The "TLS-SNI" patch adds support for TLS virtual hosting. If your mail
+ server doesn't support this everything will still work normally.
+
+ TLS supports sending the expected server hostname during the handshake, via
+ the SNI extension. This can be used to select a server certificate to issue
+ to the client, permitting virtual-hosting without requiring multiple IP
+ addresses.
+
+ This has been tested against Exim 4.80, which optionally logs SNI and can
+ perform vhosting.
+
+ To verify TLS SNI support by a server, you can use:
+
+ openssl s_client -host <imap server> -port <port> -tls1 -servername
+ <imap server>
+
+See Also
+--------
+
+ * NeoMutt project
+
+Known Bugs
+----------
+
+ None
+
+Credits
+-------
+
+ * Jeremy Katz <katzj@linuxpower.org>
+ * Phil Pennock <mutt-dev@spodhuis.demon.nl>
+ * Richard Russon <rich@flatcap.org>
+
</sect1>
+<sect1 id="tls-sni">
+ <title>TLS-SNI Patch</title>
+ <subtitle>Negotiate with a server for a TSL/SSL certificate</subtitle>
+
+ <sect2 id="tls-sni-patch">
+ <title>Patch</title>
+
+ <para>
+ To check if Mutt supports <quote>TLS-SNI</quote>, look for
+ <quote>patch-tls-sni</quote> in the mutt version.
+ See: <xref linkend="mutt-patches"/>.
+ </para>
+
+ <itemizedlist>
+ <title>Dependencies:</title>
+ <listitem><para>mutt-1.5.24</para></listitem>
+ <listitem><para>OpenSSL</para></listitem>
+ </itemizedlist>
+
+ <para>This patch is part of the <ulink url="https://github.com/neomutt/neomutt/wiki">NeoMutt Project</ulink>.</para>
+ </sect2>
+
+ <sect2 id="tls-sni-intro">
+ <title>Introduction</title>
+
+ <para>
+ The <quote>TLS-SNI</quote> patch adds support for TLS virtual hosting.
+ If your mail server doesn't support this everything will still work
+ normally.
+ </para>
+
+ <para>
+ TLS supports sending the expected server hostname during the
+ handshake, via the SNI extension. This can be used to select a
+ server certificate to issue to the client, permitting
+ virtual-hosting without requiring multiple IP addresses.
+ </para>
+
+ <para>
+ This has been tested against Exim 4.80, which optionally logs SNI
+ and can perform vhosting.
+ </para>
+
+ <para>
+ To verify TLS SNI support by a server, you can use:
+ </para>
+
+<screen>
+openssl s_client -host <imap server> -port <port> -tls1 -servername <imap server>
+</screen>
+ </sect2>
+
+<!--
+ <sect2 id="tls-sni-variables">
+ <title>Variables</title>
+ <para>None</para>
+ </sect2>
+
+ <sect2 id="tls-sni-functions">
+ <title>Functions</title>
+ <para>None</para>
+ </sect2>
+
+ <sect2 id="tls-sni-commands">
+ <title>Commands</title>
+ <para>None</para>
+ </sect2>
+
+ <sect2 id="tls-sni-colors">
+ <title>Colors</title>
+ <para>None</para>
+ </sect2>
+
+ <sect2 id="tls-sni-sort">
+ <title>Sort</title>
+ <para>None</para>
+ </sect2>
+-->
+
+ <sect2 id="tls-sni-muttrc">
+ <title>Muttrc</title>
+ <para>None</para>
+ </sect2>
+
+ <sect2 id="tls-sni-see-also">
+ <title>See Also</title>
+
+ <itemizedlist>
+ <listitem><para><ulink url="https://github.com/neomutt/neomutt/wiki">NeoMutt Project</ulink></para></listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2 id="tls-sni-known-bugs">
+ <title>Known Bugs</title>
+ <para>None</para>
+ </sect2>
+
+ <sect2 id="tls-sni-credits">
+ <title>Credits</title>
+ <itemizedlist>
+ <listitem><para>Jeremy Katz <email>katzj@linuxpower.org</email></para></listitem>
+ <listitem><para>Phil Pennock <email>mutt-dev@spodhuis.demon.nl</email></para></listitem>
+ <listitem><para>Richard Russon <email>rich@flatcap.org</email></para></listitem>
+ </itemizedlist>
+ </sect2>
+</sect1>
+
</chapter>
<chapter id="security">
projects / neomutt / commitdiff