Re: [exim] TLS with crypted key

Author: Tom Kistner
To: Johannes Lämmermann, exim users
Subject: Re: [exim] TLS with crypted key
Johannes Lämmermann wrote:

> I don't want my TLS private key insecure and unencrypted,
> as I'm not the only root user on the server. With Apache Webserver
> it works like a charm. When I start Apache, I get prompted for the
> key's passphrase.


Another 'root' user could simply dump an Apache core and retrieve the
decrypted key from it, so this is just security by obscurity.

> I wondered whether exim4 is also able to do so?
> I couldn't find anything related to my problem on the web,
> so I hope at least you guys can give me an answer.


AFAIK this is not possible in Exim, since its OpenSSL initialization is
per-forked-process, so you would have to re-enter your passphrase for
every mail received or sent.

/tom