> On Mar 30, 2017, at 8:09 AM, Michael J. Tubby B.Sc. MIET <mike.tubby@???> wrote:
>
> I think I'm going to have to go and buy a plain RSA2048/SHA256
> cert from RapidSSL or Comodo for one host (relay1.thorcom.net)
> and see if the problem goes away :-(

Let's Encrypt certificates are easier to manage (auto-renewal
and deployment) and cheaper. You could try those.

I don't know whether Exim needs to be restarted to change
certificates, or picks up new certs automatically as clients
connect. I suspect the latter, with the TLS context
created and destroyed per connection.

That's why I suggested explicitly disabling session ticket
support, ... but I don't know whether Exim already handles disabling
the session cache for you internally. It's the polite thing to
do if it is impossible to resume previous TLS sessions.

--
Viktor.