TLS changes in 2.4.x

Stephen Ingram sbingram at gmail.com
Mon Mar 19 02:33:07 EDT 2012


I just upgraded from 2.3.x to 2.4.13 using Simon Matter's RPMs. The
upgrade is going as expected from all of the comments on the list with
one big exception. I'm wondering how TLS has changed from the 2.3
series. I have 2 different Postfix systems trying to connect (using
LMTP) to one Cyrus-IMAP mailstore. Both Postfix systems were able to
STARTTLS during LMTP to the Cyrus-IMAP mailstore before the upgrade.
Only one (the first one that connects) is able to do so after the
upgrade.

I've actually set this up with virtual machines so I could test and
rollback to see what was going on. I upgraded a test Cyrus-IMAP
server, and, again, only the first Postfix server to connect could do
so successfully. I've also verified the results using lmtptest which
hangs with the errant server.

The only thing I can imagine might be causing the problem is that I'm
using the same wildcard certificate (3rd party signed) for each
Postfix machine trying to connect to the Cyrus-IMAP mailstore, which
also uses the same certificate (all in same domain). I notice that
there is a note in the change logs regarding TLS session reuse. Could
this TLS caching be the problem?

Steve