nginx IMAP proxy SSL problems in 0.6.31
Rob Mueller
robm at fastmail.fm
Wed May 21 04:53:20 MSD 2008
This is more of an FYI for anyone using nginx for IMAP proxying.
We have been using 0.5.36 for ages, but decided the other day to upgrade to
0.6.31. At first everything seemed to work just fine. However I noticed that
when you sent an email via Outlook Express, it would fail to upload the
email to the Sent Items folder on the IMAP server, and report an error about
the server terminating the connection. Everything else seemed to be fine
though.
After a bunch of digging about in SSL source, it seemed that the problem was
actually Outlook Express disconnecting during the SSL handshake phase. After
some suggestions from Igor, it was thought that maybe a change between 0.5
and 0.6 series where the SSL session cache was disabled unless explicitly
enabled might be the problem.
Some testing seems to show that that is the problem.
By default, 0.6.31 explicitly disables the SSL cache (SSL_SESS_CACHE_OFF,
see http://marc.info/?t=120127289900027&r=1&w=2 for why) unless you add a
ssl_session_cache line (see
http://wiki.codemongers.com/NginxMailSslModule#ssl_session_cache for
details)
It seems that there's some interaction between OpenSSL and Outlook Express
that one of them doesn't like. Adding any sort of session cache seems to fix
the problem. (Even if it's only a local one in a multi-process model, which
in theory should not necessarily help at all)
Rob
More information about the nginx
mailing list