X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/b1a4f2342be3e09981033bb5a1718ad909f86ad7..dea4b5684c694c41105215bdb25f8e91b7c35c5d:/src/src/tls-gnu.c
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 8bd5aeda4..df07c536c 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -89,6 +89,12 @@ require current GnuTLS, then we'll drop support for the ancient libraries). # endif #endif +#ifdef EXPERIMENTAL_TLS_RESUME +# if GNUTLS_VERSION_NUMBER < 0x030603 +# error GNUTLS version too early for session-resumption +# endif +#endif + #ifndef DISABLE_OCSP # include #endif
@@ -209,7 +215,7 @@ don't want to repeat this. */ static gnutls_dh_params_t dh_server_params = NULL; -static int ssl_session_timeout = 3600; /* One hour */ +static int ssl_session_timeout = 7200; /* Two hours */ static const uschar * const exim_default_gnutls_priority = US"NORMAL";
@@ -2451,7 +2457,9 @@ if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK) tlsp->resumption |= RESUME_CLIENT_REQUESTED; if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE))) { - /* key for the db is the IP */ + /* Key for the db is the IP. We'd like to filter the retrieved session + for ticket advisory expiry, but 3.6.1 seems to give no access to that */ + if ((dt = dbfn_read_with_length(dbm_file, host->address, &len))) if (!(rc = gnutls_session_set_data(session, CUS dt->session, (size_t)len - sizeof(dbdata_tls_session))))
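Review bot: The new `#error` text in the first hunk does not say which GnuTLS version is required, so a builder hitting it has to decode `0x030603` by hand. Consider `# error GnuTLS 3.6.3 or later is required for EXPERIMENTAL_TLS_RESUME`. The guard tests the headers at compile time only; whether the library loaded at run time is also checked is not visible in this hunk. The comment added in the third hunk cites 3.6.1 while this guard requires 3.6.3, so one of the two version references probably needs aligning.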
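Review bot: The doubled `ssl_session_timeout` in the second hunk is documented only as "Two hours", with no reason for the change and no statement of what the value bounds. The code that consumes the variable is outside the hunk. If it sets how long cached session state or tickets stay resumable, a longer lifetime also lengthens the period in which captured resumption state remains usable, so the trade-off should be recorded next to the constant. A comment such as `/* Two hours: upper bound on resumable-session lifetime; keep short to limit exposure of resumption state */` would cover it, adjusted to whatever the value controls.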
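Review bot: The size passed to `gnutls_session_set_data()` in the third hunk is `(size_t)len - sizeof(dbdata_tls_session)`, and nothing visible checks that `len` is at least the header size. A truncated or corrupted hints-db record would make the subtraction wrap to a very large `size_t`. Unless `dbfn_read_with_length()` guarantees a minimum length, guard the call with something like `if (len > (int)sizeof(dbdata_tls_session))`, assuming `len` is a signed int as the cast suggests. Since the new comment records that stored sessions cannot be filtered for ticket expiry, it should also say what happens when a stale session is offered (presumably a full handshake follows, which needs confirming). The enclosing block starts and ends outside the hunk.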