Expire (manually) TLS sessions?

Sebastian Hagedorn Hagedorn at uni-koeln.de
Fri Jan 16 07:54:19 EST 2009

--On 16. Januar 2009 07:48:18 -0500 Jeff Blaine <jblaine at kickflop.net> 

> More info after increasing local6.info to local6.debug for
> syslog:
> accepted connection
> imapd:Loading hard-coded DH parameters
> SSL_accept() incomplete -> wait
> decryption failed or bad record mac in SSL_accept() -> fail
> STARTTLS negotiation failed: bva-172.our.com
> Our TLS all worked fine before the upgrade :(

I'm pretty sure the tls_cache is a red herring. The SSL/TLS code changed a 
lot between 2.2 and 2.3. My guess would be that there lies the actual 

I wonder where the line "Loading hard-coded DH parameters" comes from. I 
haven't seen that before. Anyway, I guess you need an SSL expert to make 
sense of that. How old is your certificate? Maybe the new code doesn't like 
it? Did you build the binary yourself or where did you get it?
     .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:.
                   .:.:.:.Skype: shagedorn.:.:.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090116/ca2532cb/attachment.bin 

More information about the Info-cyrus mailing list