From: Jeremy Harris Date: Sun, 8 Apr 2018 21:45:39 +0000 (+0100) Subject: OpenSSL: Revert the disabling of the session-cache. Bug 2255 X-Git-Tag: exim-4_91~16 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/a28050f855e0011e0b6f1b395d65e3cebcb277a2 OpenSSL: Revert the disabling of the session-cache. Bug 2255 Session cacheing is never useful, as we use a new context for every TLS startup. However, removing the support triggers odd behaviour from Outlook Express (only when there is an IMAP server on the same machine as Exim): an initial connect from the OE client fails, the immediate retry works. --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 903840a6b..5e9d2afb7 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -200,6 +200,9 @@ JH/36 Fix reinitialisation of DKIM logging variable between messages. Previously it was possible to log spurious information in receive log lines. +JH/37 Bug 2255: Revert the disable of the OpenSSL session caching. This + triggered odd behaviour from Outlook Express clients. + Exim version 4.90 ----------------- diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index c142bd059..bfdfe211f 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -1601,9 +1601,15 @@ if (init_options) else DEBUG(D_tls) debug_printf("no SSL CTX options to set\n"); -/* Disable session cache unconditionally */ - +/* We'd like to disable session cache unconditionally, but foolish Outlook +Express clients then give up the first TLS connection and make a second one +(which works). Only when there is an IMAP service on the same machine. +Presumably OE is trying to use the cache for A on B. Leave it enabled for +now, until we work out a decent way of presenting control to the config. It +will never be used because we use a new context every time. */ +#ifdef notdef (void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); +#endif /* Initialize with DH parameters if supplied */ /* Initialize ECDH temp key parameter selection */