[erlang-questions] smtp server

Steve Davis steven.charles.davis@REDACTED
Fri Feb 3 02:15:58 CET 2012


Hi Ingela,

I'm sure that all on this list appreciate the amazing progress that's
been made with new_ssl, and I tried to highlight that in my earlier
comments. I also commented that the library can't be considered
"mature" for some of the very reasons that you state. I appreciate
that there's a long "to do" list, and that the scope of the effort
required to accomplish it was huge. Please see the inline comment
also :)

On Feb 2, 11:25 am, Ingela Andin <ingela.an...@REDACTED> wrote:
> Hi!
>
> 2012/2/2, Steve Davis <steven.charles.da...@REDACTED>:
> > ...and test suite referenced here...
>
> >http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
>
> We use this test suite to verify our PKIX-path-validation code,
> granted we do not yet support CRL-handling but that is on its
> way. Our verify_fun will let you work around the problem that it
> is not yet supported. (Not so fun for you perhaps but a possible
> solution for now).
>
> The somewhat optional policy mapping extension is further into the
> future, if we see a strong enough argument to implement it, but
> even this can be handled by the verify_fun if you really need it.
>
> We are working on supporting the latest TLS-version on the other
> hand as far as I know OpenSSL 1.0 only supports TLS v1.0. The
> development version has experimental support for TLS v1.1 and no
> version currently supports TLS v1.2.
>
> We do not support all possible optional extensions as
> Kerberos-cipher-SUITES, but hey feel free to contribute.
>
> > There's also connection cost/memory overhead to take into account, and
> > possibly process spawning cost under high load (which I have not
> > measured but "wonder about")... but I digress.
>
> Spawning erlang processes is cheap, but speculation is fairly
> uninteresting if you have
> concerns you should make measurments.

I couldn't agree more - only measurement would allay that concern.
Spawning is indeed cheap but it is not free. Should I be able to
provide any worthwhile results on that, I most certainly will.

> Also check out the hibernate
> option that will
> make your ssl-processes garbage-collected earlier.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>

Best regards,
/s



More information about the erlang-questions mailing list