Nginx IMAP proxy SSL problems in 0.6.31

This is more of an FYI for anyone using nginx for IMAP proxying.

We have been using 0.5.36 for ages, but decided the other day to upgrade
to
0.6.31. At first everything seemed to work just fine. However I noticed
that
when you sent an email via Outlook Express, it would fail to upload the
email to the Sent Items folder on the IMAP server, and report an error
about
the server terminating the connection. Everything else seemed to be fine
though.

After a bunch of digging about in SSL source, it seemed that the problem
was
actually Outlook Express disconnecting during the SSL handshake phase.
After
some suggestions from Igor, it was thought that maybe a change between
0.5
and 0.6 series where the SSL session cache was disabled unless
explicitly
enabled might be the problem.

Some testing seems to show that that is the problem.

By default, 0.6.31 explicitly disables the SSL cache
(SSL_SESS_CACHE_OFF,
see http://marc.info/?t=120127289900027&r=1&w=2 for why) unless you add
a
ssl_session_cache line (see
http://wiki.codemongers.com/NginxMailSslModule#ssl_session_cache for
details)

It seems that there’s some interaction between OpenSSL and Outlook
Express
that one of them doesn’t like. Adding any sort of session cache seems to
fix
the problem. (Even if it’s only a local one in a multi-process model,
which
in theory should not necessarily help at all)

Rob

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs