the passed-on TCP connection. Instead, proxy the child (and any
subsequent ones) for TLS via a unix-domain socket channel. Logging is
affected: the continued delivery log lines do not have any DNSSEC, TLS
- cipher, Certificate or OCSP information. A "continued-TLS" marker is
- added instead of the cipher information: "X=*".
+ Certificate or OCSP information. TLS cipher information is still logged.
JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
identical IP addresses on different listening ports. Will also affect
JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger
than 255 are no longer allowed.
+JH/06 Default openssl_options to include +no_ticket, to reduce load on peers.
+ Disable the session-cache too, which might reduce our load. Since we
+ currrectly use a new context for every connection, both as server and
+ client, there is no benefit for these.
+ GnuTLS appears to not support tickets server-side by default (we don't
+ call gnutls_session_ticket_enable_server()) but client side is enabled
+ by default on recent versions (3.1.3 +) unless the PFS priority string
+ is used (3.2.4 +).
+
Exim version 4.89
-----------------