Re: [openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

2018-04-28 Thread Benjamin Kaduk
On Tue, Apr 24, 2018 at 10:21:28AM -0400, Viktor Dukhovni wrote: > > > > On Apr 24, 2018, at 9:29 AM, Benjamin Kaduk wrote: > > > > To be clear, the current draft explicitly says "Servers SHOULD issue > > new tickets with every connection." This is not a MUST, but is > >

Re: [openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

2018-04-24 Thread Benjamin Kaduk
On Mon, Apr 23, 2018 at 09:34:18PM -0400, Viktor Dukhovni wrote: > > > > On Apr 22, 2018, at 9:49 PM, Viktor Dukhovni > > wrote: > > > > - Client-side diagnostics - > > On the server side I see that even when the ticket callback returns "0" to > accept

Re: [openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

2018-04-23 Thread Viktor Dukhovni
> On Apr 22, 2018, at 9:49 PM, Viktor Dukhovni > wrote: > > - Client-side diagnostics - On the server side I see that even when the ticket callback returns "0" to accept and not re-issue the ticket, a new ticket is requested anyway. I'd like to be able

[openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

2018-04-23 Thread Viktor Dukhovni
I tested a Postfix server and client built against OpenSSL 1.1.0, using 1.1.1 run-time libraries. This exercised peer certificate fingerprint matching and session resumption. No major issues. The only interesting observations are: * With TLS 1.3 a new session is generated even sessions are

Re: [openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

2018-04-23 Thread Matt Caswell
On 23/04/18 02:49, Viktor Dukhovni wrote: > > I tested a Postfix server and client built against OpenSSL 1.1.0, > using 1.1.1 run-time libraries. This exercised peer certificate > fingerprint matching and session resumption. No major issues. > > The only interesting observations are: > >