On 30/03/17 22:11, Viktor Dukhovni wrote: > Disabling session generation and suppressing session tickets takes > a few lines of code (for OpenSSL): > > #ifdef SSL_OP_NO_TICKET > SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); > #endif > SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); > > This will save clients the cost of attempting session resumption, > and will save bandwidth transmitting session tickets, ...
I've pushed that addition. > There's likely something similar that can be done to disable > server-side session caches with GnuTLS. More problematic. Server side appears to default to neither ticket nor cache support; you have to request it and Exim does not. Client side defaults to ticket-enabled in 3.1.3 + (unless you use a priority string of "PFS", which only appears in 3.2.4 +). I've not done anything there. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
