Re: relayd SSL/TLS keep RSA private keys in separate process

2014-04-17 Thread Reyk Floeter
On Fri, Apr 11, 2014 at 08:15:27PM -0600, Bob Beck wrote:
> On Fri, Apr 11, 2014 at 6:09 PM, Reyk Floeter wrote:
> >
> > I did some testing with apache bench (ab) and it shows a negative
> > performance impact when running with multiple preforked relays and
> > concurrent requests. But this

Re: relayd SSL/TLS keep RSA private keys in separate process

2014-04-11 Thread Bob Beck
On Fri, Apr 11, 2014 at 6:09 PM, Reyk Floeter wrote:
>
> I did some testing with apache bench (ab) and it shows a negative
> performance impact when running with multiple preforked relays and
> concurrent requests. But this is expected because all processes have
> to wait for the single "ca" pr

Re: relayd SSL/TLS keep RSA private keys in separate process

2014-04-11 Thread Reyk Floeter
On Wed, Apr 09, 2014 at 04:20:23PM +0200, Reyk Floeter wrote:
> relayd uses privsep to mitigate the risk of potential attacks.
> OpenSSL's SSL code wasn't designed with privsep in mind. We already
> have a hack to load the keys and certificates in the parent process
> and to send them via imsg to

relayd SSL/TLS keep RSA private keys in separate process

2014-04-09 Thread Reyk Floeter
Hi, relayd uses privsep to mitigate the risk of potential attacks. OpenSSL's SSL code wasn't designed with privsep in mind. We already have a hack to load the keys and certificates in the parent process and to send them via imsg to the chroot'ed relays; OpenSSL normally wants to load them from fi