Hello,

I started to deploy TLS connection reuse on some non-trivial outbound gateway setups.

First I was hit by a non-obvious configuration behavior:
On my gateway I have:
smtpd_tls_security_level=none
smtp_tls_security_level=dane

If I switch to TLS session reuse with
smtp_tls_connection_reuse=yes

I get:
tlsproxy: warning: TLS service is requested, but disabled with tlsproxy_tls_security_level or tlsproxy_use_tls
smtp: warning: private/tlsproxy service role "client" is not available.

By default tlsproxy_tls_security_level=$smtpd_tls_security_level
I overrode it with tlsproxy_tls_security_level=may and it worked.

But as tlsproxy_client_level = $smtp_tls_security_level (=dane), why do I need to enable the tlsproxy "server" part to get the "client" part working? Overlook/Bug?

Next, more a feature request:
I have some custom transports defined for different/custom client-side TLS certs and conf. But we presently have no way to specify a different tlsproxy instance for smtp as for cleanup for smtpd. So for now I must disable TLS connection reuse on these transports. Is adding such a possibility something doable? My custom transports would greatly benefit from connection reuse as there is a permanent sustained mail flow on them.

Emmanuel.
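A preflight check for the interaction reported above, added here as an example; it is not Postfix's own tooling. It parses a main.cf fragment, expands $parameter references the way postconf -x would (a simplified re-implementation, and the defaults table only covers the five parameters in the post), and flags the exact combination that produced the tlsproxy warnings: smtp_tls_connection_reuse=yes while tlsproxy_tls_security_level still inherits "none" from smtpd_tls_security_level. The sample configurations are constructed to mirror the post.

```python
"""Preflight check for the tlsproxy / smtp_tls_connection_reuse interaction.

Added example, not Postfix's own code.  Assumptions taken from the post:
  * tlsproxy_tls_security_level defaults to $smtpd_tls_security_level
  * tlsproxy_client_level defaults to $smtp_tls_security_level
  * smtp_tls_connection_reuse=yes with an effective
    tlsproxy_tls_security_level of "none" makes tlsproxy refuse the
    "client" role, so the smtp client falls back without reuse.
"""
import re

# Defaults for the parameters this check cares about (assumed, see above).
DEFAULTS = {
    "smtpd_tls_security_level": "none",
    "smtp_tls_security_level": "none",
    "smtp_tls_connection_reuse": "no",
    "tlsproxy_tls_security_level": "$smtpd_tls_security_level",
    "tlsproxy_client_level": "$smtp_tls_security_level",
}


def parse_main_cf(text):
    """Parse the 'name = value' subset of main.cf syntax.

    Comments and blank lines are skipped; a line starting with whitespace
    continues the previous parameter's value.
    """
    params = {}
    last = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        last = name.strip()
        params[last] = value.strip()
    return params


def resolve(params, name, depth=0):
    """Expand $name / ${name} references, using DEFAULTS for unset parameters."""
    if depth > 10:
        raise ValueError(f"parameter reference loop at {name}")
    value = params.get(name, DEFAULTS.get(name, ""))

    def sub(match):
        return resolve(params, match.group(1) or match.group(2), depth + 1)

    return re.sub(r"\$\{(\w+)\}|\$(\w+)", sub, value)


def effective_levels(text):
    """Return the effective tlsproxy server and client security levels."""
    params = parse_main_cf(text)
    return {
        "tlsproxy_tls_security_level": resolve(params, "tlsproxy_tls_security_level").lower(),
        "tlsproxy_client_level": resolve(params, "tlsproxy_client_level").lower(),
        "smtp_tls_connection_reuse": resolve(params, "smtp_tls_connection_reuse").lower(),
    }


def check_tlsproxy_reuse(text):
    """Return a list of warnings; empty when the configuration is consistent."""
    levels = effective_levels(text)
    warnings = []
    if (levels["smtp_tls_connection_reuse"] == "yes"
            and levels["tlsproxy_tls_security_level"] == "none"):
        warnings.append(
            "smtp_tls_connection_reuse=yes but effective "
            "tlsproxy_tls_security_level=none; tlsproxy will refuse the "
            "client role (set tlsproxy_tls_security_level=may)"
        )
    return warnings


# Constructed samples mirroring the post: the failing setup and the fix.
BROKEN_CF = """
# constructed sample main.cf fragment
smtpd_tls_security_level = none
smtp_tls_security_level = dane
smtp_tls_connection_reuse = yes
"""
FIXED_CF = BROKEN_CF + "tlsproxy_tls_security_level = may\n"

if __name__ == "__main__":
    for label, cf in (("broken", BROKEN_CF), ("fixed", FIXED_CF)):
        print(label, effective_levels(cf), check_tlsproxy_reuse(cf))
```

Running the file prints the effective levels for both fragments; the broken one yields the single warning and the fixed one yields none, while tlsproxy_client_level resolves to dane in both cases, which is the asymmetry the post asks about.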
