Expire (manually) TLS sessions?
Jeff Blaine
jblaine at kickflop.net
Fri Jan 16 06:58:06 EST 2009
Hmm. That's not working for me.
bash-2.05# pwd
/var/imap
# rm tls_sessions.db
# /etc/init.d/imap start
#
Jan 16 06:54:36 imapsrv imap[20300]: [ID 286863 local6.notice] imapd:Loading hard-coded DH parameters
Jan 16 06:54:36 imapsrv imap[20300]: [ID 239158 local6.notice] STARTTLS negotiation failed: bva-172.our.com
bash-2.05# pwd
/var/imap
bash-2.05# ls -l tls*
tls*: No such file or directory
bash-2.05#
Sebastian Hagedorn wrote:
> Hello Jeff,
>
> --On 16 January 2009 06:38:27 -0500 Jeff Blaine <jblaine at kickflop.net>
> wrote:
>
>> Maybe we're doing something wrong in the process, but it
>> seems that every time we perform offline maintenance
>> (upgrade, whatever) on Cyrus IMAPd ... our users complain
>> that TLS breaks afterward, but then fixes itself in time.
>>
>> I've demonstrated this to myself just now with the upgrade
>> to 2.3.13 from 2.2.12. My TLS session is cached but broken
>> with the new setup (or for whatever other reason). That is,
>> even after restarting Thunderbird, I get the following:
>>
>> Jan 16 06:31:50 imapsrv imap[19690]: [ID 239158 local6.notice] STARTTLS negotiation failed: bva-172.our.com
>>
>> Is there a way to zero/flush all TLS cached sessions? I
>> have to imagine there is, but I don't know how.
>
> as before: just delete the tls_sessions files before you start
> cyrus-imapd. They will be recreated automatically. You could even make
> that part of the initscript, because those sessions don't survive a
> restart anyway.