On Wed, May 08, 2013 at 11:49:53PM +0000, Viktor Dukhovni wrote:

> While the problem Ralf reported looks similar, tests against the
> server he reported fail to discover any support for session reuse,
> so either one has to be very lucky to re-use a session (possible
> with forking servers without a shared cache) or Ralf ran into a
> slightly different problem.

Indeed "luck" (aka perseverance) is all it takes.  Given enough
sessions the MTA in Ralf's report finally accepts the session id,
and then breaks in the same way (zero length finished message).

This server also sets session tickets.

The server's greeting banner purports to be Postfix, which if true,
and not front-ended by some sort of SSL-terminating firewall, or
load-balancer, ... means that the server-side bug is in some version
of OpenSSL.

Any information on the server's O/S, OpenSSL and Postfix version
and whether the Postfix TLS session cache database is enabled would
be most helpful.

-- 
        Viktor.
