Re: Expire (manually) TLS sessions?


On Fri, Jan 16, 2009 at 12:46:32PM +0100, Sebastian Hagedorn wrote:
> Hello Jeff,
>
> --On 16 January 2009 06:38:27 -0500 Jeff Blaine <jblaine@xxxxxxxxxxxx> wrote:
>
>> Maybe we're doing something wrong in the process, but it
>> seems that every time we perform offline maintenance
>> (upgrade, whatever) on Cyrus IMAPd ... our users complain
>> that TLS breaks afterward, but then fixes itself in time.
>>
>> I've demonstrated this to myself just now with the upgrade
>> to 2.3.13 from 2.2.12.  My TLS session is cached but broken
>> with the new setup (or for whatever other reason).  That is,
>> even after restarting Thunderbird, I get the following:
>>
>> Jan 16 06:31:50 imapsrv imap[19690]: [ID 239158 local6.notice] STARTTLS
>> negotiation failed: bva-172.our.com
>>
>> Is there a way to zero/flush all TLS cached sessions?  I
>> have to imagine there is, but I don't know how.
>
> as before: just delete the tls_sessions files before you start
> cyrus-imapd. They will be recreated automatically. You could even make
> that part of the initscript, because those sessions don't survive a
> restart anyway.

In that case maybe Cyrus should do this itself?  Sounds like a candidate
for a fix.

(we don't do TLS on our backends, because all connections come to nginx,
and it always connects plaintext to the backends)

Bron.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
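
The pre-start cleanup suggested in the quoted reply, written as an initscript helper; this is an added example, not part of the original thread or of the Cyrus distribution. It assumes the session cache is the file `tls_sessions.db` under the `configdirectory` set in imapd.conf; the function names and the optional pidfile argument are hypothetical.

```shell
#!/bin/sh
# Added example: flush the Cyrus TLS session cache before the master starts.
# Assumption: the cache is $configdirectory/tls_sessions.db.

# Print the first "configdirectory" value from an imapd.conf-style file.
cyrus_configdir() {
    sed -n 's/^[[:space:]]*configdirectory[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# flush_tls_sessions CONF [PIDFILE]
# Returns 0 if the cache was removed or was already absent,
#         1 on a configuration problem,
#         2 if PIDFILE names a live process (refuse to touch a running server).
flush_tls_sessions() {
    conf=$1
    pidfile=${2:-}

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    dir=$(cyrus_configdir "$conf")
    case $dir in
        /*) ;;  # only accept an absolute path, so rm never runs on a relative one
        *)  echo "no absolute configdirectory in $conf" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "$dir is not a directory" >&2; return 1; }

    # The cache is only safe to delete while the server is stopped.
    if [ -n "$pidfile" ] && [ -s "$pidfile" ]; then
        pid=$(cat "$pidfile")
        if kill -0 "$pid" 2>/dev/null; then
            echo "cyrus master (pid $pid) is running, not flushing" >&2
            return 2
        fi
    fi

    # Remove only the session cache; every other database stays untouched.
    rm -f -- "$dir/tls_sessions.db"
}

# In the initscript's start action, before launching the master
# (both paths are site-specific assumptions):
#   flush_tls_sessions /etc/imapd.conf /var/run/cyrus-master.pid
```
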
