> It would be immensely useful in Postfix, because we could cache and
> re-use TLS encrypted connections. I would minimize the utility of the
> feature, but it is nearly impossible to retrofit. The design would have
> to support very complex serialization or many related data structures
> and I/O buffers. This is the sort of thing that is best done with a
> single server (O/S stream modules, or kernel server in a micro-kernel, ...)
> so that the crypto state never moves between address spaces, but client
> processes can communicate with the server (kernel, ...) to gain access
> to the encrypted stream.

> Viktor.

Why can't/doesn't Postfix use a separate SSL process? That's the right way
to do this for a variety of reasons.


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org