Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSL…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Viktor Dukhovni
Fecha:  
A: Exim-users
Asunto: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?

> On Mar 30, 2017, at 9:51 PM, Phil Pennock <pdp@???> wrote:
>
>> What this means is that session resumption can't possibly work in
>> Exim (which is OK, Exim is not obligated to optimize the handshake
>> overhead of high-volume TLS traffic). Consequently, it would be
>> best if Exim did not generate SSL session ids or vend TLS session
>> tickets.
>
> Sounds right; we should consider adding this to the default value of
> openssl_options, which theoretically exposes _every_ `SSL_OP_` to
> administrator control.


Yes, for NO_TICKET, but for completeness you also need to change
the cache mode (to completely disable the cache), which cannot be
done via the option flags.

-- 
    Viktor.