On Wed, Apr 11, 2007 at 05:18:37PM -0700, David Schwartz wrote:

> > Victor
> >
> > Thanks for your reply.
> > Is there a specific reason why this is not supported
> > by openssl?

> It would add a lot of overhead and complexity to a significant fraction of
> the code for a feature that isn't all that useful and wouldn't be used all
> that often.

It would be immensely useful in Postfix, because we could cache and
re-use TLS encrypted connections. I would minimize the utility of the
feature, but it is nearly impossible to retrofit. The design would have
to support very complex serialization of many related data structures
and I/O buffers. This is the sort of thing that is best done with a
single server (O/S stream modules, or kernel server in a micro-kernel, ...)
so that the crypto state never moves between address spaces, but client
processes can communicate with the server (kernel, ...) to gain access
to the encrypted stream.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org