Re: [exim] TLS with crypted key

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Tom Kistner
Data:  
Para: Johannes Lämmermann, exim users
Assunto: Re: [exim] TLS with crypted key
Johannes Lämmermann wrote:

> I don't want my TLS private key insecure and unencrypted,
> as i'm not the only root user on the server. With Apache Webserver
> it works like a charm. When i start apache, i get prompted for the
> key's passphrase.


Another 'root' user could simply dump an apache core and retrieve the
decrypted key from it, so this is just security by obscurity.

> I wondered, wheter exim4 is also able to do so?
> I couldn't find anything, related to my problem, on the web
> so I hope at least you guys can give me an answer.


AFAIK this is not possible in Exim, since its OpenSSL initialization is
per-forked-process, so you would have to re-enter your passphrase for
every mail received or sent.

/tom