On 2016-10-18 at 08:28 +0200, Arkadiusz Miśkiewicz wrote:
> On Monday 17 of October 2016, Phil Pennock wrote:
> > Or base64-encode it.
> 
> "/" is part of base64 alphabet, so would have to replace that with other 
> character, too.

You're quite right.  I was thinking of the `base64url` encoding from
RFC4648; it's used so often that I forgot.

Hrm, perhaps Exim should support that too.

> I wonder how big performance impact will be there on each connection when 
> using sha1. sha will be calculated even twice for single connection.

Your mail was delivered from the exim.org mail-handling host to my
mail-handling host using `TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256`.
Gmail's mail-servers record that when you uploaded it to them, your
system negotiated `version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128/128`.

SHA1 is faster than the SHA2 family of hashes; if you're calculating
SHA2 hashes twice (for HMAC) for every block received over TLS, doing
SHA1 twice at the start should not be a concern.

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to