Viktor Dukhovni:
> This requires figuring out how to split up the TLS client code
> connection setup to do event-based handshake completion (as was
> done for TLS proxy in the SMTP server). There would be a small
> pool of proxy processes, likely more than 1, but ideally many
> fewer than the number of SMTP client processes, with each process
> handling multiple connections. Probably the number of proxy
> processes should be roughly the number of available CPUs.
>
> This is a difficult project. Only a high quality, well commented
In principle, tlsproxy can handle this, but using a proxy would only move the persistent connections from SMTP clients to proxy processes. Delegation just means that the problem has to be solved elsewhere :-(

There would still be the reuse of sessions with different SASL credentials, or sessions for different domains with different TLS policies that happen to connect to the same MX hosts.

Wietse