Re: [exim] Exim 4.95 released

Author: Viktor Dukhovni
To: exim-users
Subject: Re: [exim] Exim 4.95 released

On Tue, Sep 28, 2021 at 11:19:34PM +0200, Heiko Schlittermann via Exim-users wrote:

> New stuff we've added since 4.94:
> - From previous experimental support:
>   - fast-ramp queue run
>   - native SRS
>   - TLS resumption

I'd like to ask, if I may, how TLS resumption interacts with DANE or
other authenticated TLS policy, assuming potential earlier
unauthenticated TLS connections to the same IP:port or name:port on
behalf of some other domain (or via an alternate "router") which did not
require an authenticated connection, or otherwise had a different set of
TLS requirements.

In Postfix, Wietse and I had to take care in the session cache design to
avoid resumption across distinct client TLS "policies" (PKI type,
authentication, cipher list, allowed protocol versions, sorted DANE TLS
RRset, ...). Does Exim also partition the session cache by a security
policy fingerprint?

> - faster TLS startup

May I ask what this means?
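
The session-cache partitioning asked about in the message above, as an added example that is not part of the original post and is not Postfix or Exim code: a client session cache keyed by peer plus a digest of the TLS policy, so a session saved under an unauthenticated policy is never offered for a DANE delivery. The class and field names, the host name, and the TLSA values are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class TlsPolicy:
    # Field names are illustrative, not taken from Postfix or Exim.
    level: str              # "may", "verify", "dane", ...
    protocols: tuple        # allowed protocol versions
    ciphers: str            # cipher list; order is preference, so kept as-is
    tlsa_rrset: tuple = ()  # (usage, selector, mtype, data_hex) per TLSA record

def policy_fingerprint(p: TlsPolicy) -> str:
    """Digest of every setting that changes what the handshake must prove."""
    # DNS returns RRsets in arbitrary order, so sort before hashing.
    rrset = sorted((u, s, m, d.lower()) for u, s, m, d in p.tlsa_rrset)
    parts = (p.level, ",".join(sorted(p.protocols)), p.ciphers, repr(rrset))
    h = hashlib.sha256()
    for part in parts:
        raw = part.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)  # length prefix: no ambiguity
    return h.hexdigest()

class SessionCache:
    """Client session cache keyed by peer AND policy fingerprint."""
    def __init__(self):
        self._store = {}

    def _key(self, host, port, policy):
        return (host.lower(), port, policy_fingerprint(policy))

    def put(self, host, port, policy, session):
        self._store[self._key(host, port, policy)] = session

    def get(self, host, port, policy):
        return self._store.get(self._key(host, port, policy))

# Constructed sample data: host name, TLSA digests and session labels are made up.
PEER = ("mx.example.net", 25)
MAY = TlsPolicy("may", ("TLSv1.2", "TLSv1.3"), "DEFAULT")
DANE = TlsPolicy("dane", ("TLSv1.2", "TLSv1.3"), "DEFAULT",
                 ((3, 1, 1, "AA" * 32), (2, 1, 1, "bb" * 32)))
DANE_REORDERED = TlsPolicy("dane", ("TLSv1.3", "TLSv1.2"), "DEFAULT",
                           ((2, 1, 1, "bb" * 32), (3, 1, 1, "aa" * 32)))

def demo():
    cache = SessionCache()
    cache.put(*PEER, MAY, "session-unauthenticated")
    miss = cache.get(*PEER, DANE)  # different policy: forces a full handshake
    cache.put(*PEER, DANE, "session-dane-verified")
    return miss, cache.get(*PEER, DANE_REORDERED), cache.get(*PEER, MAY)
```

A cache keyed only on `(host, port)` would have returned the unauthenticated session for the DANE lookup, which is the cross-policy resumption the message asks about.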