On Sat, Oct 15, 2022 at 09:46:06PM +0200, Gerald Galster wrote:
> > One more PCAP file could shed light on this hypothesis. This would be
> > with tickets enabled on the server, and the client using "pre-update"
> > Windows.
>
> I'll see if I have any pre-update snapshots left.
Turns out that the Outlook client also offered TLS session tickets
in the pre-update configuration. The only difference in the TLS
Client Hello was 3 fewer ciphers:
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Otherwise neither the client nor server TLS handshakes showed any
material differences, until the client just hangs up. In particular the
session id length was still 0. This suggests a problem with the TLS
stack, rather than Outlook.
--
Viktor.
