> On Mar 30, 2017, at 9:51 PM, Phil Pennock <p...@exim.org> wrote: > >> What this means is that session resumption can't possibly work in >> Exim (which is OK, Exim is not obligated to optimize the handshake >> overhead of high-volume TLS traffic). Consequently, it would be >> best if Exim did not generate SSL session ids or vend TLS session >> tickets. > > Sounds right; we should consider adding this to the default value of > openssl_options, which theoretically exposes _every_ `SSL_OP_` to > administrator control.
Yes, for NO_TICKET, but for completeness you also need to change the cache mode (to completely disable the cache), which cannot be done via the option flags. -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/