Lähettäjä: jgh Päiväys: Vastaanottaja: exim-users Aihe: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3
disabled?
> This seems fine, though I don't know whether Exim has a persistent
> server-side TLS context. If not you should also disable session
> tickets with +no_ticket (if supported), but perhaps that's handled
> internally. Do whatever Jeremy or Phil say about that.
Exim creates a new TLS context for each received connection. I think we'd need a pool of listener processes to get persistence.
If we do a persistent context in future I hope someone reminds us of this point. Any opinions on the performance benefit would be of interest.
--
Jeremy