Author: Heiko Schlittermann Date: To: exim-users Subject: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3
disabled?
Viktor Dukhovni <exim-users@???> (Do 30 Mär 2017 16:52:38 CEST):
… > I don't know whether Exim needs to be restarted to change
> certificates, or picks up new certs automatically as clients
> connect. I suspect the latter, with the TLS context
> created and destroyed per connection.
You're right, Exim picks up the cert/keys per connection, as the
relevant options are expandable at runtime. (But, as far as I know,
currently not based on the key that is requested (so we do not support
multiple key setups for the same CN, as far as I know. But I may be
wrong, as always.)