Re: [exim] safe handling of $tls_sni

Author: Phil Pennock
Date:  
To: Arkadiusz Miśkiewicz
CC: exim-users
Subject: Re: [exim] safe handling of $tls_sni
On 2016-10-18 at 08:28 +0200, Arkadiusz Miśkiewicz wrote:
> On Monday 17 of October 2016, Phil Pennock wrote:
> > Or base64-encode it.
>
> "/" is part of the base64 alphabet, so that would have to be replaced with
> another character, too.

You're quite right. I was thinking of the `base64url` encoding from
RFC4648; it's used so often that I forgot.

Hrm, perhaps Exim should support that too.

> I wonder how big the performance impact will be on each connection when
> using sha1. SHA will be calculated even twice for a single connection.

Your mail was delivered from the exim.org mail-handling host to my
mail-handling host using `TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256`.
Gmail's mail-servers record that when you uploaded it to them, your
system negotiated `version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128/128`.

SHA1 is faster than the SHA2 family of hashes; if you're calculating
SHA2 hashes twice (for HMAC) for every block received over TLS, doing
SHA1 twice at the start should not be a concern.

-Phil
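An added illustration of the point made in the exchange above; it is not part of the mail and not Exim code. The helper below derives a single filesystem-safe path component from an untrusted SNI value and shows that the standard base64 alphabet can emit "/" while RFC 4648 base64url and a SHA-1 hex digest cannot. The SNI value `ab?.example.com` is constructed so that its standard base64 encoding contains a "/".

```python
import base64
import hashlib
import re

# Constructed SNI value (not from the thread): its standard base64
# encoding "YWI/LmV4YW1wbGUuY29t" contains a '/', so a file name built
# from it would gain an extra path component.
HOSTILE_SNI = "ab?.example.com"


def sni_token(sni: str, method: str = "base64url") -> str:
    """Derive a token from an untrusted SNI string using one of the
    encodings discussed in the thread. Hypothetical helper, not Exim's."""
    raw = sni.encode("utf-8")
    if method == "base64":
        # Standard alphabet (RFC 4648 section 4) uses '+' and '/': NOT path-safe.
        return base64.b64encode(raw).decode("ascii")
    if method == "base64url":
        # URL/filename-safe alphabet (RFC 4648 section 5) uses '-' and '_'.
        return base64.urlsafe_b64encode(raw).decode("ascii")
    if method == "sha1":
        # Fixed 40-character hex digest; alphabet is [0-9a-f] only.
        return hashlib.sha1(raw).hexdigest()
    raise ValueError(f"unknown method: {method}")


def is_single_path_component(token: str) -> bool:
    """True if the token cannot change directory when joined onto a path:
    no separators, no NUL, and not the special names '.' or '..'."""
    if token in ("", ".", ".."):
        return False
    return re.fullmatch(r"[^/\\\x00]+", token) is not None


def safe_sni_filename(sni: str, method: str = "base64url") -> str:
    """Token for use as a file name, rejecting anything that is not a
    single path component (defensive check even for 'safe' encodings)."""
    token = sni_token(sni, method)
    if not is_single_path_component(token):
        raise ValueError(f"{method} token is not a single path component: {token!r}")
    return token


if __name__ == "__main__":
    for method in ("base64", "base64url", "sha1"):
        token = sni_token(HOSTILE_SNI, method)
        print(f"{method:10} {token:42} safe={is_single_path_component(token)}")
```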