Expire (manually) TLS sessions?

Jeff Blaine jblaine at kickflop.net
Fri Jan 16 08:16:36 EST 2009

Sebastian Hagedorn wrote:
> --On 16. Januar 2009 07:48:18 -0500 Jeff Blaine <jblaine at kickflop.net> 
> wrote:
>> More info after increasing local6.info to local6.debug for
>> syslog:
>> accepted connection
>> imapd:Loading hard-coded DH parameters
>> SSL_accept() incomplete -> wait
>> decryption failed or bad record mac in SSL_accept() -> fail
>> STARTTLS negotiation failed: bva-172.our.com
>> Our TLS all worked fine before the upgrade :(
> I'm pretty sure the tls_cache is a red herring. The SSL/TLS code changed 
> a lot between 2.2 and 2.3. My guess would be that there lies the actual 
> problem.
> I wonder where the line "Loading hard-coded DH parameters" comes from. I 
> haven't seen that before. Anyway, I guess you need an SSL expert to make 
> sense of that. How old is your certificate? Maybe the new code doesn't 
> like it? Did you build the binary yourself or where did you get it?

The certificate is 1 year 10 months old.

Everything was built by hand (as it was with our 2.2.12
install as well).

I'll try redoing the cert.

More information about the Info-cyrus mailing list