On Thu, May 09, 2013 at 06:52:49PM +0200, Jukka Salmi wrote:

> > Indeed handshakes fail for resumed sessions. What version of
> > Postfix and OpenSSL is installed on rho.salmi.ch?
>
> It's a NetBSD/amd64 5.1_STABLE system running Postfix 2.8.3; OpenSSL is
> at 0.9.9:
>
> $ openssl version -a
>
> OpenSSL 0.9.9-dev 09 May 2008
> built on: NetBSD 5.1_STABLE
> platform: NetBSD-x86_64
> options: bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int)
> blowfish(idx)
> compiler: gcc version 4.1.3 20080704 (prerelease) (NetBSD nb3 20111107)
> OPENSSLDIR: "/etc/openssl"

This is better. Thanks. When I build an OpenSSL release from git from
approximately that time, and try to reuse an SSL session, the server
segfaults! I could try to hunt down a version that exhibits the precise
symptoms, or try to find the NetBSD source for this, ... but it is not
a good use of time.

You should build Postfix from pkgsrc linked with OpenSSL 1.0.1e also
from pkgsrc. The TLS support in the base system Postfix is unfortunately
a victim of old development snapshot OpenSSL library defects.

--
Viktor.