On 28/09/2021 23:41, Viktor Dukhovni via Exim-users wrote:
>> - fast-ramp queue run
>> - native SRS
>> - TLS resumption
>
> I'd like to ask, if I may, how TLS resumption interacts with DANE or
> other authenticated TLS policy, assuming potential earlier
> unauthenticated TLS connections to the same IP:port or name:port on
> behalf of some other domain (or via an alternate "router") which did not
> require an authenticated connection, or otherwise had a different set of
> TLS requirements.
If enabled for a target host (default being no)
then the session cache lookup key is the unadorned IP.
>> - faster TLS startup
>
> May I ask what this means?
Caching of the CA bundle, and similar setup,
by loading it in the daemon process (which forks
for receive processes).
--
Cheers,
Jeremy
