> On Apr 2, 2019, at 11:17 AM, Jeremy Harris <jgh@xxxxxxxxxxx> wrote:
>
> If I understand right from rfc5077 the next record from the server after
> the server-hello should have been an empty session_ticket, if it was
> going to accept the resumed session. But it goes on to a full handshake
> instead.
>
> Is there any way of finding out what it didn't like?

Does the server have a temporally stable ticket decryption key?
Is this Exim? Is the server's SSL_CTX persistent and shared across
multiple connections? IIRC Exim has a completely fresh SSL stack
initialized after fork for every client...

--
Viktor.