diff --git a/postfix/HISTORY b/postfix/HISTORY index c400b856e..e6fbcfebf 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23808,6 +23808,24 @@ Apologies for any names omitted. or whether the connection is reused ("TLS connection reused"). Files: smtp/smtp.h, smtp/smtp_proto.c, smtp/smtp_session.c. + (20181117-nonprod) Unified summary logging in the SMTP + client, SMTP server, and posttls-finger. Viktor Dukhovni. + Files: tls/tls.h, tls/tls_misc.c, tls/tls_proxy.h, + tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c, + tls/tls_client.c, src/tls/tls_server.c, smtpd/smtpd.c, + posttls-finger/posttls-finger.c. + + (20181117-nonprod) Improved logging of TLS 1.3 summary + information. On the server side this also affects the TLS + information optionally recorded in "Received" headers. + Viktor Dukhovni. Files: smtpd/smtpd.c, tls/tls.h, + tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h, + tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c, + tls/tls_server.c. + + (20181117-nonprod) FORWARD_SECRECY examples with TLS 1.3 + logging. Viktor Dukhovni. File: proto/FORWARD_SECRECY_README.html. + 20181118 Cleanup, no behavior change: updated comments concerning 
@@ -23924,10 +23942,22 @@ Apologies for any names omitted. message to the postscreen_pre_queue_limit. Problem reported by Michael Orlitzky. File: proto/POSTSCREEN_README.html. - Compatibility: removed support for OpenSSL 1.0.1 and earlier. + (20181226-nonprod) Compatibility: removed support for OpenSSL + 1.0.1 (not supported since December 31, 2016) and earlier + releases. This eliminated a large number of #ifdefs with + bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h, + posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c, + tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c, + tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c, + tls/tls_session.c. - Feature: TLS support for client-side and server-side SNI - in the Postfix SMTP server, SMTP client, and tlsproxy. + (20181226-nonprod) Use the OpenSSL 1.0.2 and later API for + setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h, + tls/tls_client.c, tls/tls_dh.c. + + (20181226-nonprod) Documentation update for TLS support. + Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, + proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c. 20181229 
@@ -23946,6 +23976,34 @@ Apologies for any names omitted. dict_open.c, and updated the -F description in the postmap manpage. Files: util/dict_open.c, postmap/postmap.c. + (20190106-nonprod) Feature: support for files that combine + multiple (key, certificate, trust chain) instances in one + file, to avoid separate files for RSA, DSA, Elliptic Curve, + and so on. Viktor Dukhovni. Files: .indent.pro, + global/mail_params.h, posttls-finger/posttls-finger.c, + smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, + smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c, + tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, + tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c, + tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c. + + (20190106-nonprod) Create a second, no-key no-cert, SSL_CTX + for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h, + src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c. + + (20190106-nonprod) Server-side SNI support. Viktor Dukhovni. + Files: src/global/mail_params.h, src/smtp/smtp.c, + src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c, + src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c, + + (20190106-nonprod) Configurable client-side SNI signal. + Viktor Dukhovni. Files: global/mail_params.h, + posttls-finger/posttls-finger.c, smtp/lmtp_params.c, + smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, + smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, + tls/tls_proxy.h, tls/tls_proxy_client_print.c, + tls/tls_proxy_client_scan.c. + 20190121 Logging: support for internal logging file, without using 
@@ -23976,9 +24034,9 @@ Apologies for any names omitted. util/msg_output.h, util/unix_dgram_connect.c, util/unix_dgram_listen.c. - Safety: temporary postlogd fix to avoid recursion when main.cf - has "maillog_file =" but master(8) still still tells its child - processes to send logs to postlogd. File: postlogd/postlogd.c. + Cleanup: cert/key/chain loading, plus unit tests to exercise + non-error and error cases. Viktor Dukhovni. Files: tls/*.pem, + tls*.pem.ref, tls/tls_certkey.c. 20190126 @@ -24016,7 +24074,22 @@ Apologies for any names omitted. 20190129 Safety: require that $maillog_file matches one of the - pathname prefixes specified in $maillog_file_prefixes. The + pathname prefixes specified in $maillog_file_prefixes. The maillog file is created by root, and the prefixes limit the damage from a single configuration error. Files: global/mail_params.[hc], global/maillog_client.c. + +20191201 + + Feature: "postfix logrotate" command with configurable + compression program and datestamp filename suffix. File: + conf/postfix-script. + +20190202 + + Cleanup: log a warning when the client sends a malformed + SNI; log an info message when the client sends a valid SNI + that does not match the SNI lookup tables; update the + FORWARD_SECRECY_README logging examples. Viktor Dukhovni. + Files: proto/FORWARD_SECRECY_README.html, tls/tls.h, + tls/tls_client.c, tls/tls_misc.c. diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README index d59b99e92..cf1bf1398 100644 --- a/postfix/README_FILES/FORWARD_SECRECY_README +++ b/postfix/README_FILES/FORWARD_SECRECY_README 
@@ -449,6 +449,20 @@ Examples of Postfix SMTP server logging: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature ED25519 +Note that Postfix >= 3.4 server logging may also include a "to sni-name" +element to record the use of an alternate server certificate chain for the +connection in question. This happens when the client uses the TLS SNI +extension, and the server selects a non-default certificate chain based on the +client's SNI value: + + postfix/smtpd[process-id]: + Untrusted TLS connection established from client.example[192.0.2.1] + to server.example: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 + bits) + key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest + SHA256 + client-signature ECDSA (P-256) client-digest SHA256 + WWhhaatt ddoo ""AAnnoonnyymmoouuss"",, ""UUnnttrruusstteedd"",, eettcc.. iinn PPoossttffiixx llooggggiinngg mmeeaann?? The verification levels below are subject to man-in-the-middle attacks to diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index ddf248e94..f73ddcb9b 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -25,26 +25,23 @@ more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. -Major changes with snapshot 20190127 -==================================== - -[TODO: summary of SNI and chain-file support] - Incompatible changes with snapshot 20190126-nonprod ==================================================== This introduces a new master.cf service type 'unix-dgram' that is used by the new postlogd(8) daemon. This type is not supported by -older Postfix versions. Before backing out to an older release, +older Postfix versions. Before backing out to an older version, edit the master.cf file and remove the postlog entry. Major changes with snapshot 20190126-nonprod ============================================ -Support for logging to file or stdout. This disables syslog logging. +[TODO: move most of this text to MAILLOG_README file] -- Logging to file solves a usability problem for MacOS users, and - may also be useful on LINUX when systemd is getting in the way. +Support for logging to file or stdout, instead of using syslog. + +- Logging to file solves a usability problem for MacOS, and + eliminates multiple problems with systemd-based systems. - Logging to stdout is useful when Postfix runs in a container, as it eliminates a syslogd dependency. @@ -52,8 +49,8 @@ Support for logging to file or stdout. This disables syslog logging. To enable Postfix logging to file or stdout: -------------------------------------------- -Add the following line to master.cf if not already present (no -whitespace at the start of the line): +Add the following line to master.cf if not already present (note: +there must be no whitespace at the start of the line): postlog unix-dgram n - n - 1 postlogd To write logs to Postfix logfile (see below for logfile rotation): 
@@ -65,9 +62,10 @@ To write logs to stdout, typically while Postfix runs in a container: # postconf maillog_file=/dev/stdout # postfix start-fg -The maillog_file parameter must contain a prefix that is specified -with the maillog_file_prefixes parameter (default: /var, /dev/stdout). -This limits the damage from a single configuration mistake. +The maillog_file parameter must contain one of the prefixes that +are specified with the maillog_file_prefixes parameter (default: +/var, /dev/stdout). This limits the damage from a single configuration +mistake. To rotate a Postfix logfile with a daily cronjob: ------------------------------------------------- @@ -112,6 +110,25 @@ Limitations: executable file has set-gid permission. Do not set this permision on programs other than postdrop(1) and postqueue(1). +Incompatible changes with snapshot 20190106 +=========================================== + +Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life December +31, 2016) and earlier releases. + +Major changes with snapshot 20190106 +==================================== + +SNI support in the Postfix SMTP server, the Postfix SMTP client, +and in the tlsproxy daemon (both server and client roles). + +Support for files that combine multiple (key, certificate, trust +chain) instances. This was required to implement server-side SNI +table lookups, but it also eliminates the need for separate cert/key +files for RSA, DSA, Elliptic Curve, and so on. The file format is +documented in TLS_README sections [TODO] and in the postconf +documentation for parameters [TODO]. + Major changes with snapshot 20180826 ==================================== diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script index 72855e25c..93d8a1fbc 100755 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script 
@@ -425,15 +425,15 @@ logrotate) /dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;; esac - ( - suffix="`date +$maillog_file_rotate_suffix`" || exit 1 + errors=`( + suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1 mv "$maillog_file" "$maillog_file.$suffix" || exit 1 $daemon_directory/master -t 2>/dev/null || - kill -HUP `sed 1q pid/master.pid` + kill -HUP \`sed 1q pid/master.pid\` || exit 1 sleep 1 "$maillog_file_compressor" "$maillog_file.$suffix" || exit 1 - ) || { - $FATAL "logfile '$maillog_file' rotation failed" + ) 2>&1` || { + $FATAL "logfile '$maillog_file' rotation failed: $errors" exit 1 } ;; diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index 18a83818b..fe619c8a4 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -576,6 +576,23 @@ postfix/smtpd[process-id]: +
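Review bot: `suffix="\`date +$maillog_file_rotate_suffix\`"` still leaves the format parameter unquoted inside the new capture, so a value containing whitespace or glob characters is split before date sees it, unlike every other parameter use in this hunk; `suffix=\`date "+$maillog_file_rotate_suffix"\` || exit 1` keeps it as a single argument (an assignment needs no outer quotes). The `mv` to `"$maillog_file.$suffix"` silently replaces an uncompressed rotated file left behind by an earlier rotation with the same suffix, and depending on the compressor the collision may only be detected after the live log has already been moved; `test ! -e "$maillog_file.$suffix" || exit 1` before the mv fails early with the log still in place. Capturing the subshell's stderr into `$errors` for the fatal message is a clear improvement; note it also captures any error from `sed 1q pid/master.pid`, whose relative path depends on the working directory set outside this hunk.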

Note that Postfix ≥ 3.4 server logging may also include a +"to sni-name" element to record the use of an alternate +server certificate chain for the connection in question. This happens +when the client uses the TLS SNI extension, and the server selects +a non-default certificate chain based on the client's SNI value: +

+ +
+
+postfix/smtpd[process-id]:
+  Untrusted TLS connection established from client.example[192.0.2.1]
+  to server.example: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+
+
+

What do "Anonymous", "Untrusted", etc. in Postfix logging mean?

diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index 66087d344..d00472d72 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -48,13 +48,17 @@ MASTER(8) MASTER(8) cesses terminate at their convenience. -i Enable init mode: do not become a session or process group - leader; similar to -s, do not redirect stdout to /dev/null, so - that "maillog_file = /dev/stdout" works. This mode is allowed - only if the process ID equals 1. + leader; and similar to -s, do not redirect stdout to /dev/null, + so that "maillog_file = /dev/stdout" works. This mode is + allowed only if the process ID equals 1. + + This feature is available in Postfix 3.3 and later. -s Do not redirect stdout to /dev/null, so that "maillog_file = /dev/stdout" works. + This feature is available in Postfix 3.4 and later. + -t Test mode. Return a zero exit status when the master.pid lock file does not exist or when that file is not locked. This is evidence that the master(8) daemon is not running. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 39550614f..7cb118e33 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -12867,7 +12867,8 @@ disabled except by also disabling "TLSv1" (typically leaving just versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2".

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

At the dane and @@ -13212,7 +13213,8 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2"

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

To include a protocol list its name, to exclude it, prefix the name @@ -17580,7 +17582,8 @@ disabled. The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2".

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

Example:

@@ -17614,7 +17617,8 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2".

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

To include a protocol list its name, to exclude it, prefix the name @@ -18725,6 +18729,22 @@ ancestor domain prefixed with a leading dot. For internationalized domains, the lookup key must be in IDNA 2008 A-label form (as required in the TLS SNI extension).

+

When this parameter is non-empty, the Postfix SMTP server enables +SNI extension processing, and logs SNI values that are invalid or +don't match an entry in the the specified tables. When an entry +does match, the SNI name is logged as part of the connection summary +at log levels 1 and higher.

+ +

Note that the SNI lookup tables should also have entries for +the domains that correspond to the Postfix SMTP server's default +certificate(s). This ensures that the remote SMTP client's TLS SNI +extension gets a positive response when it specifies one of the +Postfix SMTP server's default domains, and ensures that the Postfix +SMTP server will not log an SNI name mismatch for such a domain. +The Postfix SMTP server's default certificates are then only used +when the client sends no SNI or when it sends SNI with a domain +that the server knows no certificate(s) for.

+

The mapping from an SNI domain name to a certificate chain is typically indirect. In the input source files for "cdb", "hash", "btree" or other tables that are converted to on-disk indexed files diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index dd8ab8e44..d4a153d0b 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -8364,7 +8364,8 @@ disabled except by also disabling "TLSv1" (typically leaving just versions of Postfix >= 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2". .PP -OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3". .PP At the dane and @@ -8694,7 +8695,8 @@ and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all versions of Postfix >= 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2" .PP -OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3". .PP To include a protocol list its name, to exclude it, prefix the name @@ -12226,7 +12228,8 @@ disabled. The latest patch levels of Postfix >= 2.6, and all versions of Postfix >= 2.10 can disable support for "TLSv1.1" or "TLSv1.2". .PP -OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3". .PP Example: 
@@ -12258,7 +12261,8 @@ and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all versions of Postfix >= 2.10 can disable support for "TLSv1.1" or "TLSv1.2". .PP -OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix >= 3.4, +OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3". .PP To include a protocol list its name, to exclude it, prefix the name @@ -13057,6 +13061,22 @@ ancestor domain prefixed with a leading dot. For internationalized domains, the lookup key must be in IDNA 2008 A\-label form (as required in the TLS SNI extension). .PP +When this parameter is non\-empty, the Postfix SMTP server enables +SNI extension processing, and logs SNI values that are invalid or +don't match an entry in the the specified tables. When an entry +does match, the SNI name is logged as part of the connection summary +at log levels 1 and higher. +.PP +Note that the SNI lookup tables should also have entries for +the domains that correspond to the Postfix SMTP server's default +certificate(s). This ensures that the remote SMTP client's TLS SNI +extension gets a positive response when it specifies one of the +Postfix SMTP server's default domains, and ensures that the Postfix +SMTP server will not log an SNI name mismatch for such a domain. +The Postfix SMTP server's default certificates are then only used +when the client sends no SNI or when it sends SNI with a domain +that the server knows no certificate(s) for. +.PP The mapping from an SNI domain name to a certificate chain is typically indirect. In the input source files for "cdb", "hash", "btree" or other tables that are converted to on\-disk indexed files diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index c6790ea4a..f8d0f12fe 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 
@@ -45,12 +45,16 @@ Terminate the master process after \fIexit_time\fR seconds. Child processes terminate at their convenience. .IP \fB\-i\fR Enable \fBinit\fR mode: do not become a session or process -group leader; similar to \fB\-s\fR, do not redirect stdout +group leader; and similar to \fB\-s\fR, do not redirect stdout to /dev/null, so that "maillog_file = /dev/stdout" works. This mode is allowed only if the process ID equals 1. +.sp +This feature is available in Postfix 3.3 and later. .IP \fB\-s\fR Do not redirect stdout to /dev/null, so that "maillog_file = /dev/stdout" works. +.sp +This feature is available in Postfix 3.4 and later. .IP \fB\-t\fR Test mode. Return a zero exit status when the \fBmaster.pid\fR lock file does not exist or when that file is not locked. This is evidence diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index f549e4a1c..30fb5329d 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html @@ -576,6 +576,23 @@ postfix/smtpd[process-id]: +

Note that Postfix ≥ 3.4 server logging may also include a +"to sni-name" element to record the use of an alternate +server certificate chain for the connection in question. This happens +when the client uses the TLS SNI extension, and the server selects +a non-default certificate chain based on the client's SNI value: +

+ +
+
+postfix/smtpd[process-id]:
+  Untrusted TLS connection established from client.example[192.0.2.1]
+  to server.example: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+
+
+

What do "Anonymous", "Untrusted", etc. in Postfix logging mean?

diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 12978a8e8..c47155732 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -11271,7 +11271,8 @@ disabled except by also disabling "TLSv1" (typically leaving just versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2".

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

At the dane and @@ -11471,7 +11472,8 @@ disabled. The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2".

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

Example:

@@ -12632,7 +12634,8 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2"

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

To include a protocol list its name, to exclude it, prefix the name @@ -12667,7 +12670,8 @@ and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or "TLSv1.2".

-

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix ≥ 3.4, +

OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix +≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2) this can be disabled, if need be, via "!TLSv1.3".

To include a protocol list its name, to exclude it, prefix the name @@ -17435,6 +17439,22 @@ ancestor domain prefixed with a leading dot. For internationalized domains, the lookup key must be in IDNA 2008 A-label form (as required in the TLS SNI extension).

+

When this parameter is non-empty, the Postfix SMTP server enables +SNI extension processing, and logs SNI values that are invalid or +don't match an entry in the the specified tables. When an entry +does match, the SNI name is logged as part of the connection summary +at log levels 1 and higher.

+ +

Note that the SNI lookup tables should also have entries for +the domains that correspond to the Postfix SMTP server's default +certificate(s). This ensures that the remote SMTP client's TLS SNI +extension gets a positive response when it specifies one of the +Postfix SMTP server's default domains, and ensures that the Postfix +SMTP server will not log an SNI name mismatch for such a domain. +The Postfix SMTP server's default certificates are then only used +when the client sends no SNI or when it sends SNI with a domain +that the server knows no certificate(s) for.

+

The mapping from an SNI domain name to a certificate chain is typically indirect. In the input source files for "cdb", "hash", "btree" or other tables that are converted to on-disk indexed files diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 5bbc46706..ade3ae960 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190201" +#define MAIL_RELEASE_DATE "20190202" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index dbe880964..1a4173b8c 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -39,12 +39,16 @@ /* processes terminate at their convenience. /* .IP \fB-i\fR /* Enable \fBinit\fR mode: do not become a session or process -/* group leader; similar to \fB-s\fR, do not redirect stdout +/* group leader; and similar to \fB-s\fR, do not redirect stdout /* to /dev/null, so that "maillog_file = /dev/stdout" works. /* This mode is allowed only if the process ID equals 1. +/* .sp +/* This feature is available in Postfix 3.3 and later. /* .IP \fB-s\fR /* Do not redirect stdout to /dev/null, so that "maillog_file /* = /dev/stdout" works. +/* .sp +/* This feature is available in Postfix 3.4 and later. /* .IP \fB-t\fR /* Test mode. Return a zero exit status when the \fBmaster.pid\fR lock /* file does not exist or when that file is not locked. This is evidence diff --git a/postfix/src/postlogd/postlogd.c b/postfix/src/postlogd/postlogd.c index 5461e1a97..047307f7c 100644 --- a/postfix/src/postlogd/postlogd.c +++ b/postfix/src/postlogd/postlogd.c 
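Review bot: The new `This feature is available in Postfix 3.3 and later.` under `-i` directly follows a sentence that ties `-i` to `"maillog_file = /dev/stdout"`, while the matching note under `-s` says 3.4; if the stdout-preserving behaviour of `-i` arrived together with maillog_file rather than with the option itself, the availability line should say which part is 3.3 and which is 3.4, e.g. `The option is available in Postfix 3.3 and later; the stdout behavior in Postfix 3.4 and later.` The same wording is mirrored in man/man8/master.8 and html/master.8.html in this commit, so all three copies would need the change. The enclosing manual-page comment block starts before this hunk.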
@@ -241,6 +241,14 @@ int main(int argc, char **argv)
 */
 MAIL_VERSION_STAMP_ALLOCATE;
 
+ /*
+ * This is a datagram service, not a stream service, so that postlogd can
+ * restart immediately after "postfix reload" without requiring clients
+ * to resend messages. Those messages remain queued in the kernel until a
+ * new postlogd process retrieves them. It would be unreasonable to
+ * require that clients retransmit logs, especially in the case of a
+ * fatal or panic error.
+ */
 dgram_server_main(argc, argv, postlogd_service,
 CA_MAIL_SERVER_TIME_TABLE(time_table),
 CA_MAIL_SERVER_PRE_INIT(pre_jail_init),
diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h
index 24e3a043b..6c10d4ad7 100644
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@@ -247,6 +247,7 @@ typedef struct {
 /* Public, read-only. */
 char *peer_CN; /* Peer Common Name */
 char *issuer_CN; /* Issuer Common Name */
+ char *peer_sni; /* SNI sent to or by the peer */
 char *peer_cert_fprint; /* ASCII certificate fingerprint */
 char *peer_pkey_fprint; /* ASCII public key fingerprint */
 int peer_status; /* Certificate and match status */
diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c
index bb9412539..cfc0aca47 100644
--- a/postfix/src/tls/tls_client.c
+++ b/postfix/src/tls/tls_client.c
@@ -1042,6 +1042,13 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
 tls_free_context(TLScontext);
 return (0);
 }
+ /*
+ * The saved value is not presently used client-side, but could later
+ * be logged if acked by the server (requires new client-side callback
+ * to detect the ack). For now this just maintains symmetry with the
+ * server code, where do record the received SNI for logging.
+ */
+ TLScontext->peer_sni = mystrdup(sni);
 if (log_mask & TLS_LOG_DEBUG)
 msg_info("%s: SNI hostname: %s", props->namaddr, sni);
 }
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index 5489d3236..51cbd3530 100644
--- a/postfix/src/tls/tls_misc.c 
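Review bot: The added comment states that messages `remain queued in the kernel until a new postlogd process retrieves them`, which holds only up to the datagram socket's receive-buffer limit; beyond that, senders block or datagrams are lost depending on how the client side sets up its socket, which this hunk does not show. A qualifying clause such as `(subject to the socket's receive-buffer limit)` would keep the comment from reading as an unconditional delivery guarantee. main() begins before this hunk and continues after it.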
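Review bot: The new `peer_sni` field comment `SNI sent to or by the peer` says nothing about ownership or when the field is non-null: in this commit it is a `mystrdup` copy set by the client when it sends SNI and by the server only after a lookup-table match (tls_client.c and tls_misc.c hunks), and released in tls_free_context; `char *peer_sni; /* SNI sent (client) or matched (server); heap copy, null if none */` states that. If this structure is also marshalled to or from tlsproxy by print/scan code not touched in this commit, the new field would arrive there as null and may need a matching entry — worth confirming. The typedef starts before this hunk.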
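Review bot: `where do record the received SNI for logging` in the new comment is missing a word; `where we do record the received SNI for logging` reads correctly. The copy is made on a context this function still owns (it frees it on the error path just above), so no extra release is needed here, and tls_log_summary in this commit explicitly passes no SNI for the client role, which matches the comment's claim that the value is unused client-side. tls_client_start begins before this hunk and continues after it.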
+++ b/postfix/src/tls/tls_misc.c @@ -793,19 +793,27 @@ void tls_pre_jail_init(TLS_ROLE role) static int server_sni_callback(SSL *ssl, int *alert, void *arg) { SSL_CTX *sni_ctx = (SSL_CTX *) arg; + TLS_SESS_STATE *TLScontext = SSL_get_ex_data(ssl, TLScontext_index); const char *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + const char *cp = sni; const char *pem; - if (!sni_ctx || !tls_server_sni_maps - || !sni || !*sni || !valid_hostname(sni, DONT_GRIPE)) + /* SNI is silently ignored when we don't care or is NULL or empty */ + if (!sni_ctx || !tls_server_sni_maps || !sni || !*sni) return SSL_TLSEXT_ERR_NOACK; + if (!valid_hostname(sni, DONT_GRIPE)) { + msg_warn("TLS SNI from %s is invalid: %s", + TLScontext->namaddr, sni); + return SSL_TLSEXT_ERR_NOACK; + } + do { /* Don't silently skip maps opened with the wrong flags. */ - pem = maps_file_find(tls_server_sni_maps, sni, 0); + pem = maps_file_find(tls_server_sni_maps, cp, 0); } while (!pem && !tls_server_sni_maps->error - && (sni = strchr(sni + 1, '.')) != 0); + && (cp = strchr(cp + 1, '.')) != 0); if (!pem) { if (tls_server_sni_maps->error) { @@ -814,6 +822,14 @@ static int server_sni_callback(SSL *ssl, int *alert, void *arg) *alert = SSL_AD_INTERNAL_ERROR; return SSL_TLSEXT_ERR_ALERT_FATAL; } + msg_info("TLS SNI %s from %s not matched, using default chain", + sni, TLScontext->namaddr); + /* + * XXX: We could lie and pretend to accept the name, but since we've + * previously not impemented the callback (with OpenSSL then declining + * the extension), and nothing bad happened, declining it explicitly + * should be safe. + */ return SSL_TLSEXT_ERR_NOACK; } SSL_set_SSL_CTX(ssl, sni_ctx); @@ -822,6 +838,7 @@ static int server_sni_callback(SSL *ssl, int *alert, void *arg) *alert = SSL_AD_INTERNAL_ERROR; return SSL_TLSEXT_ERR_ALERT_FATAL; } + TLScontext->peer_sni = mystrdup(sni); return SSL_TLSEXT_ERR_OK; } 
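Review bot: `TLScontext->peer_sni = mystrdup(sni);` at the end of server_sni_callback overwrites any earlier value without releasing it, so if OpenSSL runs the servername callback more than once for the same session (a second ClientHello after a HelloRetryRequest, or a renegotiation where that is still permitted) the first copy leaks; `if (TLScontext->peer_sni) myfree(TLScontext->peer_sni);` before the assignment closes that. The new `msg_warn` in the `!valid_hostname` branch echoes a string that has just failed hostname validation, so it may contain arbitrary bytes; that is only safe if the msg_* layer neutralizes non-printable characters before they reach syslog or the log file — worth confirming, otherwise log a `printable()`-sanitized copy. Both new log lines are emitted once per handshake at the request of an unauthenticated peer, so a noisy client can inflate the log at warning level; consider whether info level suffices for the invalid-SNI case, as it already does for the unmatched case. The `TLScontext` pointer from `SSL_get_ex_data` is dereferenced unchecked, which is fine only if ex_data is always attached before the handshake starts, as the rest of the TLS library appears to assume. Also `impemented` in the new comment should read `implemented`.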
@@ -1101,15 +1118,23 @@ void tls_log_summary(TLS_ROLE role, TLS_USAGE usage, TLS_SESS_STATE *ctx) { VSTRING *msg = vstring_alloc(100); const char *direction = (role == TLS_ROLE_CLIENT) ? "to" : "from"; + const char *sni = (role == TLS_ROLE_CLIENT) ? 0 : ctx->peer_sni; - vstring_sprintf(msg, "%s TLS connection %s %s %s: %s" + /* + * When SNI was sent and accepted, the server-side log message now includes + * a "to " detail after the "from " detail identifying + * the remote client. We don't presently log (purportedly) accepted SNI on + * the client side. + */ + vstring_sprintf(msg, "%s TLS connection %s %s %s%s%s: %s" " with cipher %s (%d/%d bits)", !TLS_CERT_IS_PRESENT(ctx) ? "Anonymous" : TLS_CERT_IS_SECURED(ctx) ? "Verified" : TLS_CERT_IS_TRUSTED(ctx) ? "Trusted" : "Untrusted", usage == TLS_USAGE_NEW ? "established" : "reused", - direction, ctx->namaddr, ctx->protocol, ctx->cipher_name, - ctx->cipher_usebits, ctx->cipher_algbits); + direction, ctx->namaddr, sni ? " to " : "", sni ? sni : "", + ctx->protocol, ctx->cipher_name, ctx->cipher_usebits, + ctx->cipher_algbits); if (ctx->kex_name && *ctx->kex_name) { vstring_sprintf_append(msg, " key-exchange %s", ctx->kex_name); @@ -1215,6 +1240,7 @@ TLS_SESS_STATE *tls_alloc_sess_context(int log_mask, const char *namaddr) TLScontext->serverid = 0; TLScontext->peer_CN = 0; TLScontext->issuer_CN = 0; + TLScontext->peer_sni = 0; TLScontext->peer_cert_fprint = 0; TLScontext->peer_pkey_fprint = 0; TLScontext->protocol = 0; @@ -1263,6 +1289,8 @@ void tls_free_context(TLS_SESS_STATE *TLScontext) myfree(TLScontext->peer_CN); if (TLScontext->issuer_CN) myfree(TLScontext->issuer_CN); + if (TLScontext->peer_sni) + myfree(TLScontext->peer_sni); if (TLScontext->peer_cert_fprint) myfree(TLScontext->peer_cert_fprint); if (TLScontext->peer_pkey_fprint)
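Review bot: The new comment `When SNI was sent and accepted, the server-side log message now includes a "to " detail` understates the condition: per server_sni_callback in this commit, `ctx->peer_sni` is set only after the lookup tables matched and the alternate SSL_CTX was installed, so a `to` element means a non-default chain was selected, not merely that SNI was acknowledged; `matched an SNI lookup table entry` is more precise than `accepted`. The comment also appears to have lost its placeholders (`"to " detail after the "from " detail`); if `<sni>` and `<client>` were meant, spelling them out in words avoids them being dropped by tooling. The interpolated `sni` has passed valid_hostname in the callback, so no extra sanitizing is needed in this format call.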