feat: Disable SNI for STARTTLS (#7499)

Many clients don't send it currently, so it is unlikely that servers depend on it: https://mastodon.social/@cks/114690055923939576. For "implicit TLS", do not turn it off yet, it will serve as a fallback in case of rare server that needs it. If the server only supports STARTTLS and requires SNI then it is really weird, likely should not happen.
2026-04-21 07:26:29 +03:00 · 2025-12-02 16:24:53 -03:00
parent 8bce137e06
commit 676132457f
6 changed files with 43 additions and 6 deletions
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -207,6 +207,7 @@ impl Client {
        hostname: &str,
        strict_tls: bool,
    ) -> Result<Self> {
+        let use_sni = true;
        let tcp_stream = connect_tcp_inner(addr).await?;
        let account_id = context.get_id();
        let events = context.events.clone();
@@ -215,6 +216,7 @@ impl Client {
            strict_tls,
            hostname,
            addr.port(),
+            use_sni,
            alpn(addr.port()),
            logging_stream,
            &context.tls_session_store,
@@ -251,6 +253,7 @@ impl Client {
        host: &str,
        strict_tls: bool,
    ) -> Result<Self> {
+        let use_sni = false;
        let tcp_stream = connect_tcp_inner(addr).await?;

        let account_id = context.get_id();
@@ -275,6 +278,7 @@ impl Client {
            strict_tls,
            host,
            addr.port(),
+            use_sni,
            "",
            tcp_stream,
            &context.tls_session_store,
@@ -294,6 +298,7 @@ impl Client {
        strict_tls: bool,
        proxy_config: ProxyConfig,
    ) -> Result<Self> {
+        let use_sni = true;
        let proxy_stream = proxy_config
            .connect(context, domain, port, strict_tls)
            .await?;
@@ -301,6 +306,7 @@ impl Client {
            strict_tls,
            domain,
            port,
+            use_sni,
            alpn(port),
            proxy_stream,
            &context.tls_session_store,
@@ -340,6 +346,7 @@ impl Client {
        proxy_config: ProxyConfig,
        strict_tls: bool,
    ) -> Result<Self> {
+        let use_sni = false;
        let proxy_stream = proxy_config
            .connect(context, hostname, port, strict_tls)
            .await?;
@@ -362,6 +369,7 @@ impl Client {
            strict_tls,
            hostname,
            port,
+            use_sni,
            "",
            proxy_stream,
            &context.tls_session_store,