> It would be immensely useful in Postfix, because we could cache and > re-use TLS encrypted connections. I would minimize the utility of the > feature, but it is nearly impossible to retrofit. The design would have > to support very complex serialization or many related data structures > and I/O buffers. This is the sort of thing that is best done with a > single server (O/S stream modules, or kernel server in a > micro-kernel, ...) > so that the crypto state never moves between address spaces, but client > processes can communicate with the server (kernel, ...) to gain access > to the encrypted stream.
> Viktor. Why can't/doesn't Postfix use a separate SSL process? That's the right way to do this for a variety of reasons. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
