Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Server Name Indication (SNI) #3296

kingqueen3065 opened this issue Apr 2, 2018 · 0 comments


None yet
1 participant
Copy link

commented Apr 2, 2018

Expected behavior

K-9 should use Server Name Indication to send the name of the server it is connecting to, so the server knows to send the correct certificate. So when I connect to, K-9 tells the server it is connecting to and the server then sends K-9 the SSL certificate for (The server serves as the MX for multiple domains, all on the same IP.)

Actual behavior

K-9 appears to not supply the server name. The server therefore reverts to its default certificate and supplies the certificate for K-9 then advises that the certificate does not match the server name, unless I change the server set in K-9 from to or manually accept the certificate in K-9.

Steps to reproduce

Attempt to send or retrieve mail over TLS using a FQDN hosted on a server that uses SNI to support multiple domain names.

Given depletion of IPv4 addresses, this issue is likely to affect more users over time.

I see references to SNI in the source code in two places, but they don't appear to relate to K-9's use of such for mail transfer and I couldn't find any reference to SNI in Github issues.


K-9 Mail version 5.403

Android version: 7.1.1

Account type (IMAP, POP3, WebDAV/Exchange):
POP3 and SMTP over TLS to a server using SNI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.