https://bugs.exim.org/show_bug.cgi?id=2255
Phil Pennock <pdp@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pdp@???
--- Comment #16 from Phil Pennock <pdp@???> ---
I think we should seriously consider backing out that change.
while Viktor is right that it's best to not have clients spend bandwidth on
session caching stuff, it's a client-exposed protocol-level change, which means
that clients which _demand_ session caching see a difference. The variance in
amount of traffic is fairly minimal, not worth the disruption IMO.
We might consider SSL_CTX_set_session_cache_mode(SSL_SESS_CACHE_NO_INTERNAL)
instead, to just not try to save or look up session cache stuff, but I don't
feel like digging into how portable that is across OpenSSL versions.
We're optimizing session start-up, in SMTP (which is store-and-forward, not
interactive) at the expense of client compatibility, even if it is dodgy
clients. Unless and until there's a security issue disclosed with even
offering session resumption, let's allow it?
--
You are receiving this mail because:
You are on the CC list for the bug.