On 23/08/16 20:03, Phillip Carroll wrote:
> The fact that "tls_privatekey" must be readable by exim I presume is for
> using STARTTLS for sending messages, although the TLS error message
> about the "tls_privatekey" path occurred on a received message. (I
> questioned the need for access to the private key to receive a message,
> not considering usage in the other direction.)

The Exim code telling the OpenSSL library about the private-key is in a routine common to both server and client initialisation. It's a fair point; we might consider making it direction-aware to reduce the attack surface (even though most installations will be doing both directions).

--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
