I have spent the last couple of weeks adding TLS/SSL support to Exim.
Well, not exactly. What I have added is (optional) usage of the OpenSSL
library in order to get TLS/SSL support.
It has taken this long because it all had to be done by trying to unpick
examples, there being only sketchy and minimal documentation for the
OpenSSL library that I could find. Very frustrating some of it was. I
had hoped to release this yesterday, the day the US RSA patent expired,
but I was stuck trying to find out why it woudn't use a certain cipher
that the OpenSSL tests used. Finally discovered that all I had to do was
to seed the random number generator early enough.
My thanks to Steve Haslam for providing an intial patch for an earlier
release of Exim (itself based on code from stunnel).
Testers are now needed, please. You will find the current snapshot,
which will call itself Exim 3.162, in
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz
The new features are documented in the doc/NewStuff file. There are
almost certainly rough edges in this, because I am still on a steep
learning curve about this security stuff. The only external application
that I have been able to test with is Netscape, as a client. There may
also be features missing that people would like. All comments welcomed.
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.