Expire (manually) TLS sessions?
jblaine at kickflop.net
Fri Jan 16 06:58:06 EST 2009
Hmm. That's not working for me.
# rm tls_sessions.db
# /etc/init.d/imap start
Jan 16 06:54:36 imapsrv imap: [ID 286863 local6.notice]
imapd:Loading hard-coded DH parameters
Jan 16 06:54:36 imapsrv imap: [ID 239158 local6.notice] STARTTLS
negotiation failed: bva-172.our.com
bash-2.05# ls -l tls*
tls*: No such file or directory
Sebastian Hagedorn wrote:
> Hello Jeff,
> --On 16. Januar 2009 06:38:27 -0500 Jeff Blaine <jblaine at kickflop.net>
>> Maybe we're doing something wrong in the process, but it
>> seems that every time we perform offline maintenance
>> (upgrade, whatever) on Cyrus IMAPd ... our users complain
>> that TLS breaks afterward, but then fixes itself in time.
>> I've demonstrated this to myself just now with the upgrade
>> to 2.3.13 from 2.2.12. My TLS session is cached but broken
>> with the new setup (or for whatever other reason). That is,
>> even after restarting Thunderbird, I get the following:
>> Jan 16 06:31:50 imapsrv imap: [ID 239158 local6.notice] STARTTLS
>> negotiation failed: bva-172.our.com
>> Is there a way to zero/flush all TLS cached sessions? I
>> have to imagine there is, but I don't know how.
> as before: just delete the tls_sessions files before you start
> cyrus-imapd. They will be recreated automatically. You could even make
> that part of the initscript, because those session don't survive a
> restart anyway.
More information about the Info-cyrus