resumption problem

Jeremy Harris jgh at
Fri Mar 27 22:10:16 UTC 2020

On 27/03/2020 21:52, Viktor Dukhovni wrote:
> On Fri, Mar 27, 2020 at 09:25:28PM +0000, Jeremy Harris wrote:
>>> If the distro started with 1.1.1 and only backported security fixes, you
>>> could be running an OpenSSL version with the unintentional bidirectional
>>> setting.
>> .. either this, or even an unpatched basic 1.1.1 .
>> A simple code addition to avoid that call in the client case sounds
>> in order. 

Testing, it appears to work - I get resumption and not that error.
And the Exim testsuite shows no regressions, at least on my laptop
(which is Fedora 31, with 1.1.1d).

>>> Another possibility is that your system-wide openssl.cnf file has a
>>> "RequestCAFile" or "ClientCAFile" setting.
>> Neither appears to be present in /etc/pki/tls/openssl.cnf
> And neither has any ".include" directives?

One, but that file doesn't have either string, either.

More information about the openssl-users mailing list