Hello

Viktor Dukhovni --> postfix-users (2013-05-08 18:01:52 +0000):
> On Wed, May 08, 2013 at 07:24:03PM +0200, Jukka Salmi wrote:
> 
> > Funny, I was just going to report the probably same issue...
> > 
> > I can reproduce the problem on up-to-date Linux and FreeBSD systems, but
> > not on an older NetBSD system:
> > 
> >     Linux/x86_64     Postfix 2.10.0    OpenSSL 1.0.1e
> >     FreeBSD/amd64    Postfix 2.10.0    OpenSSL 1.0.1e
> >     NetBSD/i386      Postfix 2.7.3     OpenSSL 0.9.9-dev
> > 
> > When sending several mails in succession, failure and success seem to
> > alternate (i.e. exactly one failed handshake, then a successful one,
> > then a failed one again, etc.).  And not using a TLS session cache for
> > smtp(8) (smtp_tls_session_cache_database) seems to work around the
> > problem.
> 
> Thanks, I can reproduce this also with cached sessions and OpenSSL 1.0.1e.
[...]
> Indeed handshakes fail for resumed sessions.  What version of
> Postfix and OpenSSL is installed on rho.salmi.ch?

It's a NetBSD/amd64 5.1_STABLE system running Postfix 2.8.3; OpenSSL is
at 0.9.9:

$ openssl version -a
OpenSSL 0.9.9-dev 09 May 2008
built on: NetBSD 5.1_STABLE
platform: NetBSD-x86_64
options:  bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int) blowfish(idx)
compiler: gcc version 4.1.3 20080704 (prerelease) (NetBSD nb3 20111107)
OPENSSLDIR: "/etc/openssl"

Postfix smtpd(8) TLS settings:

smtpd_tls_security_level=may
smtpd_tls_CAfile = /etc/openssl/certs/cacert.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_ccert_verifydepth = 1
smtpd_tls_cert_file = $config_directory/tls/smtp.crt
smtpd_tls_key_file = $config_directory/tls/smtp.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache


HTH & cheers,

Jukka

-- 
This email fills a much-needed gap in the archives.
