Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSL…

Author: Viktor Dukhovni
Date:  
To: Exim-users
Subject: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?

> On Mar 30, 2017, at 9:51 PM, Phil Pennock <pdp@???> wrote:
>
>> What this means is that session resumption can't possibly work in
>> Exim (which is OK, Exim is not obligated to optimize the handshake
>> overhead of high-volume TLS traffic). Consequently, it would be
>> best if Exim did not generate SSL session ids or vend TLS session
>> tickets.
>
> Sounds right; we should consider adding this to the default value of
> openssl_options, which theoretically exposes _every_ `SSL_OP_` to
> administrator control.


Yes, for NO_TICKET, but for completeness you also need to change
the cache mode (to completely disable the cache), which cannot be
done via the option flags.

-- 
    Viktor.