Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSL…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: jgh
Datum:  
To: exim-users
Betreff: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?

> This seems fine, though I don't know whether Exim has a persistent
> server-side TLS context.  If not you should also disable session
> tickets with +no_ticket (if supported), but perhaps that's handled
> internally.  Do whatever Jeremy or Phil say about that.


Exim creates a new TLS context for each received connection. I think we'd need a pool of listener processes to get persistence.

If we do a persistent context in future I hope someone reminds us of this point. Any opinions on the performance benefit would be of interest.
--
Jeremy