jgh at wizmail.org
Mon Apr 8 08:27:07 UTC 2019
On 03/04/2019 22:13, Jakob Bohm via openssl-users wrote:
> As an Exim user (can already be seen in my mail headers), I always
> wondered about the weird way that Exim (according to the docs/spec)
> tries to reinit TLS for each message on a connection.
> It seemed very much contrary to protocol, unlike the simple
> approach of running TLS in one process, piping the plaintext
> (E)SMTP stream to/from a succession of message processing processes,
> which can be reforked without breaking the stream and without
> ability to steal TLS keys through any security vulnerabilities.
"for sending using TLS Exim starts an additional proxy process for
handling the encryption, piping the unencrypted data stream from and to
the delivery processes"