On Fri, Oct 01, 2021 at 01:00:09PM -0400, Viktor Dukhovni via Exim-users wrote:
> > > I'd like to ask, if I may, how TLS resumption interacts with DANE or
> > > other authenticated TLS policy, [...]
> > If enabled for a target host (default being no) then the session
> > cache lookup key is the unadorned IP.

Meanwhile, if I haven't misunderstood your response, or failed to grasp the
complete picture, I think that Exim 4.95 users who want to support
outbound DANE should not enable TLS resumption, and likely the
documentation should advise them of the potential negative interactions.

When a session was cached for resumption (based on policy to cache
sessions for a particular destination), what determines whether that
cached session would later be used?

Does the current destination (would that be a domain, a host, an IP
address... ?) need to explicitly opt-in for resumption, or is presence
of the matching IP address in the cache sufficient to trigger session