On Fri, Oct 01, 2021 at 01:00:09PM -0400, Viktor Dukhovni via Exim-users wrote:
> > > I'd like to ask, if I may, how TLS resumption interacts with DANE or
> > > other authenticated TLS policy, [...]
> >
> > If enabled for a target host (default being no) then the session
> > cache lookup key is the unadorned IP.

Meanwhile, if I haven't misunderstood your response, or failed to grasp the
complete picture, I think that Exim 4.95 users who want to support
outbound DANE should not enable TLS resumption, and likely the
documentation should advise them of the potential negative interactions.

When a session was cached for resumption (based on policy to cache
sessions for a particular destination), what determines whether that
cached session would later be used? Does the current destination (would
that be a domain, a host, an IP address... ?) need to explicitly opt-in
for resumption, or is presence of the matching IP address in the cache
sufficient to trigger session reuse?

--
    Viktor.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
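An added illustration, not part of the original message and not Exim's code: a toy model of a client-side session cache, comparing a lookup key that is the bare IP with one that also binds the TLS policy. It assumes the case the message asks about (a cache hit alone triggers reuse) and that only the `dane` policy verifies the peer; all names and the 192.0.2.25 address are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    peer_ip: str
    policy: str          # policy in force when the full handshake ran
    authenticated: bool  # True only if the peer certificate was verified

def key_ip_only(ip, policy):
    return ip                      # "unadorned IP" as the lookup key

def key_ip_and_policy(ip, policy):
    return (ip, policy)            # key also binds the authentication policy

class SessionCache:
    def __init__(self, keyfn):
        self.keyfn = keyfn
        self.store = {}

    def save(self, s):
        self.store[self.keyfn(s.peer_ip, s.policy)] = s

    def lookup(self, ip, policy):
        return self.store.get(self.keyfn(ip, policy))

def full_handshake(ip, policy):
    # Model assumption: only the "dane" policy checks the certificate
    # (against TLSA records); "opportunistic" encrypts without verifying.
    return Session(ip, policy, authenticated=(policy == "dane"))

def deliver(cache, ip, policy):
    """Return (resumed, authenticated) for one outbound connection."""
    s = cache.lookup(ip, policy)
    resumed = s is not None
    if not resumed:
        s = full_handshake(ip, policy)
        cache.save(s)
    # A resumed handshake carries no Certificate message, so the connection
    # inherits whatever authentication state the original session had.
    return resumed, s.authenticated

def scenario(keyfn):
    """Same IP reached first under opportunistic TLS, then under DANE."""
    cache = SessionCache(keyfn)
    ip = "192.0.2.25"              # constructed documentation address
    deliver(cache, ip, "opportunistic")
    return deliver(cache, ip, "dane")

if __name__ == "__main__":
    print("IP-only key:    ", scenario(key_ip_only))
    print("IP + policy key:", scenario(key_ip_and_policy))
```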