Hi,
after upgrade to 4.90 I noticed strange behavior on Outlook@win7
(0x800CCC1A "Your Server does not support the connection encryption type
you have specified.")
but it was not typical ciphersuite mismatch - something was really strange
- outlook managed to send the message successfully on 2nd to 4th try!
I grabbed traffic and in failed sessions outlook was breaking connection
(FIN) just after Server Hello.
The only difference was non empty Session ID on Client Hello on failed
connections (Server Hello always contained empty Session ID because exim
disables session cache since 4.90:
https://github.com/Exim/exim/commit/7006ee24ecfd9d8f405f70d38cc36bdd91f8de87
).
I couldn't find any way to disable tls session cache on windows side (it's
possible for SCHANNEL but outlook seems to be using WinHttp library) so I
just rebuilt exim 4.90.1 with following change reverted:
+/* Disable session cache unconditionally */
+
+(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+
and it fixed the problem (now I have non-empty Session ID in Server Hello
and it makes outlook happy).
I wonder if anybody observed similar behavior and managed to find better
fix (on client side probably?).
What about creating a configure knob to disable session cache (let it be on
by default)?
best regards
--
Marcin Gryszkalis, PGP 0xA5DBEEC7
http://fork.pl/gpg.txt