> On Apr 4, 2018, at 2:35 PM, admin--- via Exim-dev <exim-dev@???> wrote:
>
> We are ready to attach any dumps of exim debug or wireshark if it's necessary.
A "tshark" decode of the TLS handshake (text is better than screenshots) would
be most useful, one where the session cache mode is per the upstream patch, and
another where it is left at the default (the code setting the mode is removed).
Capture a PCAP file of the traffic with:
# port=587 # (or 465 as appropriate)
# tcpdump -s0 -w /some/file tcp port $port
... hit control-C when you think you've captured enough relevant traffic...
and post the decode for a single session from:
$ tshark -r /some/file -d tcp.port==$port,ssl -V |
sed -ne '/^Secure Sockets Layer/,/^$/p'
You can pre-filter the PCAP file to extract just the data for a particular
client session by IP and/or client TCP port:
# tcpdump -s0 -r /some/file -w /some/other-file tcp port $client_port and host $client_ip
# tcpdump -s0 -r /some/file -w /some/other-file tcp port $client_port
# tcpdump -s0 -r /some/file -w /some/other-file host $client_ip
then run tshark reading from "/some/other-file".
--
Viktor.
