[exim-dev] [Bug 2255] TLS/SSL issue after upgrading to 4.90

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2255] TLS/SSL issue after upgrading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255

Git Commit <git@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |git@???


--- Comment #27 from Git Commit <git@???> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/a28050f855e0011e0b6f1b395d65e3cebcb277a2

commit a28050f855e0011e0b6f1b395d65e3cebcb277a2
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Apr 8 22:45:39 2018 +0100
Commit:     Jeremy Harris <jgh146exb@???>
CommitDate: Sun Apr 8 22:50:49 2018 +0100


    OpenSSL: Revert the disabling of the session-cache.  Bug 2255


    Session cacheing is never useful, as we use a new context for every TLS startup.
    However, removing the support triggers odd behaviour from Outlook Express (only
    when there is an IMAP server on the same machine as Exim): an initial connect
    from the OE client fails, the immediate retry works.
---
 doc/doc-txt/ChangeLog |  3 +++
 src/src/tls-openssl.c | 10 ++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 903840a..5e9d2af 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -200,6 +200,9 @@ JH/36 Fix reinitialisation of DKIM logging variable between
messages.
       Previously it was possible to log spurious information in receive log
       lines.


+JH/37 Bug 2255: Revert the disable of the OpenSSL session caching.  This
+      triggered odd behaviour from Outlook Express clients.
+


Exim version 4.90
-----------------
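
Review bot: The JH/37 entry records only "odd behaviour from Outlook Express clients", which drops the condition and symptom given in the commit message: it happens only when an IMAP server runs on the same machine as Exim, and the first connect fails while the immediate retry works. Suggest carrying both into the ChangeLog text, along with the point that the cache is left enabled but goes unused because a new context is created for every TLS startup, so an operator reading the ChangeLog can tell whether the entry applies to them.
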
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index c142bd0..bfdfe21 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1601,9 +1601,15 @@ if (init_options)
else
DEBUG(D_tls) debug_printf("no SSL CTX options to set\n");

-/* Disable session cache unconditionally */
-
+/* We'd like to disable session cache unconditionally, but foolish Outlook
+Express clients then give up the first TLS connection and make a second one
+(which works). Only when there is an IMAP service on the same machine.
+Presumably OE is trying to use the cache for A on B. Leave it enabled for
+now, until we work out a decent way of presenting control to the config. It
+will never be used because we use a new context every time. */
+#ifdef notdef
(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+#endif

/* Initialize with DH parameters if supplied */
/* Initialize ECDH temp key parameter selection */
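
Review bot: The `#ifdef notdef` guard around `SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)` leaves the call as dead code behind a macro that nothing defines, and the new comment does not mention Bug 2255. Since the comment describes this as temporary ("until we work out a decent way of presenting control to the config"), suggest citing the bug number in the comment and using a descriptively named guard so the disabled call can be found again. The sentence "Presumably OE is trying to use the cache for A on B" leaves A and B undefined and should name the two services it means. The comment also says the cache "will never be used", yet turning it off changed what the client observes, so it would help to state what the client sees differently when the mode is left at its default.
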
