On Thu, May 09, 2013 at 12:11:38AM +0000, Viktor Dukhovni wrote:
> Has anyone seen the type of problem reported on the postfix-users list today?
>
> http://archives.neohapsis.com/archves/postfix/2013-05/0158.html
>
> (and earlier posts upthread).
>
> TLS handshakes without session resumption succeed, while resumed
> sessions always fail, with the server sending a zero-length "finished"
> message (which encrypts to 32 bytes). I don't yet which TLS toolkit
> the server is running. The version of OpenSSL on the client does
> not seem to matter.
However disabling TLS extensions in the client does. With "no-tlsext",
the server does not resume past sessions. Perhaps the server's
implementation of session tickets is the culprit. Has anyone else
observed such servers in the wild?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
