Hi, after the upgrade to 4.90 I noticed strange behavior on Outlook@win7 (0x800CCC1A "Your Server does not support the connection encryption type you have specified.") but it was not a typical ciphersuite mismatch - something was really strange - Outlook managed to send the message successfully on the 2nd to 4th try!

I grabbed traffic and in failed sessions Outlook was breaking the connection (FIN) just after the Server Hello. The only difference was a non-empty Session ID in the Client Hello on failed connections (the Server Hello always contained an empty Session ID because exim has disabled the session cache since 4.90: https://github.com/Exim/exim/commit/7006ee24ecfd9d8f405f70d38cc36bdd91f8de87 ).

I couldn't find any way to disable the TLS session cache on the Windows side (it's possible for SCHANNEL but Outlook seems to be using the WinHttp library) so I just rebuilt exim 4.90.1 with the following change reverted:

+/* Disable session cache unconditionally */
+
+(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+
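Review bot: the `SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);` call is unconditional, as its comment says, and the comment gives no reason for turning the cache off. Consider guarding the call with a configuration option so the server-side cache can be kept where clients depend on it, and extend the comment to state why the cache is disabled. Discarding the return value with `(void)` is fine, since the function returns the previous cache mode rather than an error status.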

and it fixed the problem (now I have a non-empty Session ID in the Server Hello and it makes Outlook happy).

I wonder if anybody has observed similar behavior and managed to find a better fix (on the client side probably?).

What about creating a configure knob to disable the session cache (let it be on by default)?

best regards
--
Marcin Gryszkalis, PGP 0xA5DBEEC7 http://fork.pl/gpg.txt


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
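
To check a capture for the pattern described in the message above (a non-empty Session ID in the Client Hello answered by an empty one in the Server Hello), here is an added example that is not part of the original post or of Exim. It parses the session ID out of raw TLS hello records; the function names are hypothetical and the sample records are constructed, not taken from the poster's capture.

```python
import struct

HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}

def parse_hello(record: bytes):
    """Return (message name, session_id) for a hello carried in one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 4:
        raise ValueError("not a complete handshake record")
    msg_type, msg_len = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + msg_len]
    # Both hellos start with version(2) + random(32) + session_id length(1).
    if msg_type not in HELLO_TYPES or len(msg) != msg_len or msg_len < 35:
        raise ValueError("not a complete hello message")
    sid_len = msg[34]
    if sid_len > 32 or 35 + sid_len > msg_len:
        raise ValueError("bad session_id length")
    return HELLO_TYPES[msg_type], msg[35:35 + sid_len]

def offered_but_not_cached(client_record: bytes, server_record: bytes) -> bool:
    """True when the client offered a session ID and the server sent none back."""
    cname, client_sid = parse_hello(client_record)
    sname, server_sid = parse_hello(server_record)
    if (cname, sname) != ("ClientHello", "ServerHello"):
        raise ValueError("expected a ClientHello followed by a ServerHello")
    return len(client_sid) > 0 and len(server_sid) == 0

def _build(msg_type: int, session_id: bytes, tail: bytes) -> bytes:
    """Construct a minimal hello record for the samples below."""
    msg = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id + tail
    hs = bytes([msg_type]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed samples: one cipher suite, null compression, no extensions.
CH_TAIL, SH_TAIL = b"\x00\x02\x00\x2f\x01\x00", b"\x00\x2f\x00"
CLIENT_FRESH = _build(1, b"", CH_TAIL)
CLIENT_RESUME = _build(1, bytes(range(32)), CH_TAIL)
SERVER_NO_CACHE = _build(2, b"", SH_TAIL)
SERVER_CACHE = _build(2, bytes(range(32, 64)), SH_TAIL)

if __name__ == "__main__":
    for name, ch in (("fresh", CLIENT_FRESH), ("resume", CLIENT_RESUME)):
        print(name, offered_but_not_cached(ch, SERVER_NO_CACHE))
```

The parser handles only a hello that fits in a single record; a hello fragmented across records is rejected with `ValueError` rather than misread.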
