https://bugs.exim.org/show_bug.cgi?id=2255
Phil Pennock <p...@exim.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |p...@exim.org --- Comment #16 from Phil Pennock <p...@exim.org> --- I think we should seriously consider backing out that change. while Viktor is right that it's best to not have clients spend bandwidth on session caching stuff, it's a client-exposed protocol-level change, which means that clients which _demand_ session caching see a difference. The variance in amount of traffic is fairly minimal, not worth the disruption IMO. We might consider SSL_CTX_set_session_cache_mode(SSL_SESS_CACHE_NO_INTERNAL) instead, to just not try to save or look up session cache stuff, but I don't feel like digging into how portable that is across OpenSSL versions. We're optimizing session start-up, in SMTP (which is store-and-forward, not interactive) at the expense of client compatibility, even if it is dodgy clients. Unless and until there's a security issue disclosed with even offering session resumption, let's allow it? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##