On Sun, Aug 27, 2006 at 11:09:55PM +0200, Ben Collins wrote: > IMO, the best way to handle this would be just like sshd. It does not > generate an RSA on first connection, it does it when the package is > installed. > > Either generate this initial key at install, or detect that TLS is > enabled in the init script and generate it if doesn't exist.
I am not sure whether this is going to work. Generating dh_parameters is very fast if enough entropy is available, so in case that enough entropy is available, we don't need to bother and can have exim generate them on first connection. If not enough entropy is available, generating dh_parameters is going to take a looooooong time, so we'd either have a long delay on package installation (in which case exim is not going to be available any earlier), or we'd send the dh_parameters generation in the background which will cause exim to generate the dh_parameters on first connection, resulting in exim being unavailable until the dh_parameters have been built. Frankly, I don't see a gain in generating the dh_parameters on package installation or from the init script. Am I missing something? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

