Deprecated? smtpd_tls_session_cache_database


Deprecated? smtpd_tls_session_cache_database

mrobti
I thought I had read somewhere that in modern versions of Postfix you
shouldn't set up smtpd_tls_session_cache_database but I can't see
anything in the docs now.

Reading docs still it seems smtpd_tls_session_cache_database can be
useful. What is the behavior when it's empty (default)?

Re: Deprecated? smtpd_tls_session_cache_database

Viktor Dukhovni


> On Feb 28, 2018, at 11:35 PM, MRob <[hidden email]> wrote:
>
> I thought I had read somewhere that in modern versions of Postfix you shouldn't set up smtpd_tls_session_cache_database but I can't see anything in the docs now.

You're better off without it, because session tickets do the job
better.

> Reading docs still it seems smtpd_tls_session_cache_database can be useful.
> What is the behavior when it's empty (default)?

Postfix servers will return session tickets to clients that support that
extension.  MTAs that support TLS session caching (Postfix and ???) will
transparently support session tickets.

--
        Viktor.


Re: Deprecated? smtpd_tls_session_cache_database

mrobti
On 2018-03-01 04:42, Viktor Dukhovni wrote:
>> On Feb 28, 2018, at 11:35 PM, MRob <[hidden email]> wrote:
>>
>> I thought I had read somewhere that in modern versions of Postfix you
>> shouldn't set up smtpd_tls_session_cache_database but I can't see
>> anything in the docs now.
>
> You're better off without it, because session tickets do the job
> better.

OK thanks Viktor a lot. Does that mean I should also remove
smtp_tls_session_cache_database?

>> Reading docs still it seems smtpd_tls_session_cache_database can be
>> useful.
>> What is the behavior when it's empty (default)?
>
> Postfix servers will return session tickets to clients that support
> that extension.  MTAs that support TLS session caching (Postfix and ???)
> will transparently support session tickets.


Re: Deprecated? smtpd_tls_session_cache_database

mrobti
On 2018-03-01 04:49, MRob wrote:
> On 2018-03-01 04:42, Viktor Dukhovni wrote:
>>> On Feb 28, 2018, at 11:35 PM, MRob <[hidden email]> wrote:
>>>
>>> I thought I had read somewhere that in modern versions of Postfix you
>>> shouldn't set up smtpd_tls_session_cache_database but I can't see
>>> anything in the docs now.
>>
>> You're better off without it, because session tickets do the job
>> better.

If I was using smtpd_tls_session_cache_database does it disable session
tickets?
BTW, are smtpd session tickets shared along multi-instances?

> OK thanks Viktor a lot. Does that mean I should also remove
> smtp_tls_session_cache_database?

Trying to understand more, your words below, do they indicate YES to my
question, I need smtp_tls_session_cache_database so on the client side I
will cache tickets from servers?

>>> Reading docs still it seems smtpd_tls_session_cache_database can be
>>> useful.
>>> What is the behavior when it's empty (default)?
>>
>> Postfix servers will return session tickets to clients that support
>> that extension.  MTAs that support TLS session caching (Postfix and ???)
>> will transparently support session tickets.

Re: Deprecated? smtpd_tls_session_cache_database

Viktor Dukhovni
In reply to this post by mrobti


> On Feb 28, 2018, at 11:49 PM, MRob <[hidden email]> wrote:
>
> OK thanks Viktor a lot. Does that mean I should also remove smtp_tls_session_cache_database?

NO.

--
        Viktor.


Re: Deprecated? smtpd_tls_session_cache_database

Viktor Dukhovni
In reply to this post by mrobti


> On Mar 1, 2018, at 12:14 AM, MRob <[hidden email]> wrote:
>
> If I was using smtpd_tls_session_cache_database does it disable session tickets?

No, but it wastes space on the server, caching sessions the client is unlikely
to use.

> BTW, are smtpd session tickets shared along multi-instances?

No.  Nor should a client expect to find the same cache at a different
domain and/or port.

--
        Viktor.


Re: Deprecated? smtpd_tls_session_cache_database

mrobti
In reply to this post by Viktor Dukhovni
On 2018-03-01 05:16, Viktor Dukhovni wrote:
>> On Feb 28, 2018, at 11:49 PM, MRob <[hidden email]> wrote:
>>
>> OK thanks Viktor a lot. Does that mean I should also remove
>> smtp_tls_session_cache_database?
>
> NO.

I typoed in my last email (YES/NO), so anyways I think I understand
thanks to your time taken to do some explaining. It's a big thank you
from here.
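
Added example, not part of the original thread: a small check that reads `postconf -n`-style "name = value" lines and reports on the two parameters discussed above, following the advice given in the replies (leave the smtpd server cache empty, keep the smtp client cache). The function name, the message wording and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input format assumed: "name = value"
# lines, as printed by `postconf -n`.

# audit_tls_cache: read settings on stdin, print one finding per parameter.
audit_tls_cache() {
    awk '
        {
            i = index($0, "=")              # split on the first "=" only
            if (i == 0) next                # skip lines that are not settings
            name = substr($0, 1, i - 1)
            val  = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == "smtpd_tls_session_cache_database") server = val
            if (name == "smtp_tls_session_cache_database")  client = val
        }
        END {
            # Server side: per the thread, tickets are issued either way,
            # so a configured cache only consumes space.
            if (server != "")
                print "WARN smtpd_tls_session_cache_database = " server " (server-side cache set; session tickets already handle resumption)"
            else
                print "OK smtpd_tls_session_cache_database is empty (server returns session tickets)"
            # Client side: per the thread, this one should NOT be removed.
            if (client == "")
                print "WARN smtp_tls_session_cache_database is empty (no client-side session cache)"
            else
                print "OK smtp_tls_session_cache_database = " client
        }'
}

# Constructed sample input (illustrative values, not taken from the thread).
audit_tls_cache <<'EOF'
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
EOF
```

On a live system the same function can be fed real settings with `postconf -n | audit_tls_cache`.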