This is a discussion on Re: How to share SSL sessions between parent and child process when doing fork /exec - Openssl
On Wed, Apr 11, 2007 at 05:18:37PM -0700, David Schwartz wrote:
> > Victor
> > Thanks for your reply.
> > Is there a specific reason why this is not supported
> > by openssl?
> It would add a lot of overhead and complexity to a significant fraction of
> the code for a feature that isn't all that useful and wouldn't be used all
> that often.

It would be immensely useful in Postfix, because we could cache and
re-use TLS encrypted connections. I would minimize the utility of the
feature, but it is nearly impossible to retrofit. The design would have
to support very complex serialization or many related data structures
and I/O buffers. This is the sort of thing that is best done with a
single server (O/S stream modules, or kernel server in a micro-kernel, ...)
so that the crypto state never moves between address spaces, but client
processes can communicate with the server (kernel, ...) to gain access
to the encrypted stream.

OpenSSL Project http://www.openssl.org
User Support Mailing List email@example.com
Automated List Manager firstname.lastname@example.org