Viktor Dukhovni:
>
>
> > On Mar 22, 2018, at 10:54 AM, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > Currently, the Postfix SMTP client does a bunch of TLS initialization,
> > once per TLS session.
>
> The expensive stuff for SSL_CTX happens only once in tls_client_init().
> You're only looking at tls_client_start(), which uses a previously
> initialized context.
Well, each Postfix SMTP client creates SSL_CTX once, then reuses
it across multiple TLS sessions. I suppose that tlsproxy can share
this object among all sessions that tlsproxy creates for SMTP clients
with similar parameters. This is the stuff that gets serialized and
passed around between SMTP client, tlsproxy, and that appears in
scache lookup keys).
This may be non-trivial but it's not rocket science.
Wietse
