Re: [exim] Exim 4.95 released

Góra strony
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
Dla: exim-users
Temat: Re: [exim] Exim 4.95 released
On Fri, Oct 01, 2021 at 01:00:09PM -0400, Viktor Dukhovni via Exim-users wrote:

> > > I'd like to ask, if I may, how TLS resumption interacts with DANE or
> > > other authenticated TLS policy, [...]
> >
> > If enabled for a target host (default being no) then the session
> > cache lookup key is the unadorned IP.


Meanwhile, if haven't misuderstood your response, or failed to grasp the
complete picture, I think that Exim 4.95 users who want to support
outbound DANE should not enable TLS resumption, and likely the
documentation should advise them of the potential negative interactions.

When a session was cached for resumption (based on policy to cache
sessions for a particular destination), what determines whether that
cached session would later be used?

Does the current destination (would that be a domain, a host, an IP
address... ?) need to explicitly opt-in for resumption, or is presence
of the matching IP address in the cache sufficient to trigger session
reuse?

-- 
    Viktor.