> On Apr 23, 2017, at 12:18 AM, admin@??? wrote:
>
> https://bugs.exim.org/show_bug.cgi?id=2104
Looking at the bug history I see:
> Up until 4.89 using a continued-TCP-connection for TLS involves dropping
> the TLS (in the old transport process) and starting up a new TLS connection
> on the same TCP connection in the new transport process (you should be able
> to see that sequence in the debug trace).
>
> I'm not sure whether or not the 1.0.2 OpenSSL version is relevant, but it
> does appear to be the new TLS startup that's the problem.
>
> Testcase 2113 ("TLS client: multiple messages over one connection")
> in the testsuite looks relevant - and that appears to be passing on your
> buildfarm machine, which has 1.0.2k. Are you in a position to compare debug
> output of that vs. your failing case?
>
> Possibly another direction of investigation would be a packet capture of
> a failing case, looking specifically at the TLS startup sequence after that
> second STARTTLS.
I find that rather perplexing. Over a single TCP connection it is not valid
to issue a second STARTTLS. I am misreading the above?
--
Viktor.