
List:       exim-users
Subject:    Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?
From:       Viktor Dukhovni <exim-users () dukhovni ! org>
Date:       2017-03-31 2:01:32
Message-ID: FBC92514-42AE-4A21-9AFB-AF39A3C705E8 () dukhovni ! org


> On Mar 30, 2017, at 9:51 PM, Phil Pennock <pdp@exim.org> wrote:
> 
>> What this means is that session resumption can't possibly work in
>> Exim (which is OK, Exim is not obligated to optimize the handshake
>> overhead of high-volume TLS traffic).  Consequently, it would be
>> best if Exim did not generate SSL session ids or vend TLS session
>> tickets.
> 
> Sounds right; we should consider adding this to the default value of
> openssl_options, which theoretically exposes _every_ `SSL_OP_` to
> administrator control.

Yes, for NO_TICKET, but for completeness you also need to change
the cache mode (to completely disable the cache), which cannot be
done via the option flags.  

-- 
	Viktor.


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/