Problem with TLS and multiple emails over same connection
- Hello,
I am trying to accomplish a connection cache for TLS. I set it up for non-TLS connections and it works just great.
Then I tried to look at the TLS connections. First I enabled the session cache with smtpd_tls_session_cache_database, that works great as well. The problem is that each email to the same destination is sent via a new connection.
I am also aware of the limitation of the connection cache, which says:
The Postfix shared connection cache cannot be used with TLS, because saved TLS session information can be used only when a new connection is created (this limitation does not exist in connection caching implementations that reuse a connection only in the process that creates it). For this reason, the Postfix smtp(8) client always closes the connection after completing an attempt to deliver mail over TLS.
But the part in the brackets makes me wonder about a possibility: that if I keep sending emails over the same smtp process, it could be possible. I looked everywhere, but was not able to find anything remotely helpful.
Could anyone point me in the right direction?
Thank you and best regards
- On Fri, Mar 21, 2014 at 03:50:24PM +0100, Stefan Moravcik wrote:
> I am trying to accomplish a connection cache for TLS. I set it up for
> non-TLS connections and it works just great.
The Postfix connection cache moves file descriptors between processes.
Unfortunately, the OpenSSL library does not support serializing
and de-serializing the SSL state of a live SSL connection.
So at this time, TLS connections are not cached.
> but the part in the brackets makes me wonder for a possibility, that if i
> keep sending emails over same smtp process, it could be possible. I looked
> everywhere, but was not able to find anything remotely helpful.
There is no cache internal to a single process. That would only
work well with single-destination smtp transports. Otherwise,
there would be lots of cached connections that never get used,
because the delivery agent is talking to someone else.
Since in-process caches would most likely be misunderstood and
misused, they are not implemented.
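
The reason given in the reply above, as an added example that is not part of the thread and is not Postfix code: a connected socket can be handed to another process as a file descriptor (SCM_RIGHTS), but state held in the sending process's memory does not travel with it. The `tls_state` dict is a constructed stand-in for OpenSSL's per-connection state, and `mx.example.test:25` and the socketpair "server" are made up for the demonstration.

```python
import array
import os
import socket

DEST = "mx.example.test:25"  # constructed destination label


def hand_over_connection():
    """Pass a connected socket to a second process; return what each side ends up with."""
    tls_state = {}  # toy stand-in for per-connection TLS state in process memory
    chan_parent, chan_child = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    report_r, report_w = os.pipe()
    pid = os.fork()
    if pid == 0:  # second delivery process, forked before the connection exists
        try:
            chan_parent.close()
            label, ancdata, _, _ = chan_child.recvmsg(
                64, socket.CMSG_LEN(array.array("i").itemsize))
            fds = array.array("i")
            fds.frombytes(ancdata[0][2][:fds.itemsize])
            conn = socket.socket(fileno=fds[0])
            conn.sendall(b"NOOP\r\n")  # the kernel socket is fully usable here
            # ...but nothing describing the TLS session came along with it.
            os.write(report_w, b"1" if label.decode() in tls_state else b"0")
        finally:
            os._exit(0)
    chan_child.close()
    os.close(report_w)  # only the child writes the report
    # First process opens the connection (socketpair stands in for a remote server).
    client_end, server_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    tls_state[DEST] = {"write_seq": 7, "key": os.urandom(16)}  # lives only in this process
    rights = array.array("i", [client_end.fileno()])
    chan_parent.sendmsg([DEST.encode()],
                        [(socket.SOL_SOCKET, socket.SCM_RIGHTS, rights)])
    client_end.close()
    seen_by_server = server_end.recv(64)
    os.waitpid(pid, 0)
    receiver_has_state = os.read(report_r, 1) == b"1"
    return seen_by_server, receiver_has_state, DEST in tls_state


if __name__ == "__main__":
    print(hand_over_connection())
```

On a real TLS connection the receiving process could not continue the encrypted stream at all, since the keys and sequence numbers stay behind in the process that performed the handshake.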