SSL_SESSION_set1_ticket ?
Jeremy Harris
jgh at wizmail.org
Mon Apr 8 08:27:07 UTC 2019
On 03/04/2019 22:13, Jakob Bohm via openssl-users wrote:
> As an Exim user (can already be seen in my mail headers), I always
> wondered about the weird way that Exim (according to the docs/spec)
> tries to reinit TLS for each message on a connection.
>
> It seemed very much contrary to protocol, unlike the simple
> approach of running TLS in one process, piping the plaintext
> (E)SMTP stream to/from a succession of message processing processes,
> which can be reforked without breaking the stream and without
> ability to steal TLS keys through any security vulnerabilities.

http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTmulmessam

"for sending using TLS Exim starts an additional proxy process for
handling the encryption, piping the unencrypted data stream from and to
the delivery processes"
--
Cheers,
Jeremy