[Dovecot] [ Re: best practises for mail systems]

Matthias-Christian Ott ott at mirix.org
Sat Jun 9 17:35:42 EEST 2012

On 2012-06-09 16:11, Timo Sirainen wrote:
> On 9.6.2012, at 4.55, Matthias-Christian Ott wrote:
>> Yes, there is. You have to replicate the entire state of the IMAP
>> session (protocol states, buffers, TLS state etc.) and the TCP state of
>> the connection. The state of the IMAP session is (in theory) easily
>> replicable (although you probably have to rely on internals of the TLS
>> implementation; OpenSSL can serialise TLS sessions from/into ASN.1 via
>> i2d_SSL_SESSION, though this is meant to resume session via TLS)
> Interesting! I thought OpenSSL didn't have a way to [de]serialize the session state. The first time I wanted to do that was 13 years ago. I see there are some google hits for i2d_SSL_SESSION, but do you already know a good web page / example code I could look at?

The Apache httpd module mod_ssl uses it.

GnuTLS has similar functions with gnutls_db_*, although it's also only
intended to be used to resume a session. Have look at the Apache httpd
module mod_gnutls.


More information about the dovecot mailing list